
Chrome 90 is here with seven vulnerabilities patched

Google has finally released Chrome version 90.0.4430.85 for Windows, Mac, and Linux. The release comes with seven security fixes. One of them is a zero-day vulnerability, which was exploited in the wild. The zero-day was assigned the identifier CVE-2021-21224.

Chrome’s technical program manager, Srinivas Sista, wrote an advisory about five vulnerabilities. They include:

  • CVE-2021-21222 (heap buffer overflow in V8)
  • CVE-2021-21223 (integer overflow in Mojo)
  • CVE-2021-21225 (out-of-bounds memory access in V8)
  • CVE-2021-21226 (use-after-free in navigation)
  • CVE-2021-21224 (type confusion in V8)

What’s new?

The advisory thanked five researchers for contributing to the discovery of the flaws. Sista also said that Google's ongoing security work is responsible for various fixes. In the advisory, he confirmed that Google is aware of reports that exploits for CVE-2021-21224 exist in the wild.
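Because the zero-day is being exploited, the practical check for an administrator is whether every machine already runs the fixed build. The sketch below is an added example, not part of the advisory or of any Google tooling; the hostnames and reported version strings are constructed sample data, and the function names are hypothetical.

```python
import re

# Fixed build named in the article (Windows, Mac and Linux).
FIXED_BUILD = (90, 0, 4430, 85)

# Four-part version as it appears in strings such as `chrome --version` output.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text, fixed=FIXED_BUILD):
    """Return 'patched', 'outdated' or 'unknown' for one reported version string."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # unparseable report: needs manual follow-up
    # Tuple comparison is numeric per component; comparing the raw strings
    # would rank "90.0.4430.100" below "90.0.4430.85".
    return "patched" if version >= fixed else "outdated"


def audit(inventory):
    """Return (host -> status, sorted list of hosts that are not confirmed patched)."""
    statuses = {host: classify(reported) for host, reported in inventory.items()}
    needs_action = sorted(h for h, s in statuses.items() if s != "patched")
    return statuses, needs_action


# Constructed sample inventory (hostnames and reported strings are made up).
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 90.0.4430.85",
    "ws-02": "Google Chrome 90.0.4430.72",
    "ws-03": "Google Chrome 89.0.4389.128",
    "ws-04": "Google Chrome 90.0.4430.100",
    "ws-05": "chrome: command not found",
}

if __name__ == "__main__":
    statuses, needs_action = audit(SAMPLE_INVENTORY)
    for host in sorted(statuses):
        print(f"{host}: {statuses[host]}")
    print("follow up:", ", ".join(needs_action))
```

Hosts whose report cannot be parsed are listed for follow-up rather than assumed patched.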

At the same time, it has also emerged that Google will shorten the Chrome update cycle to four weeks.

This new version comes with new features such as an AV1 encoder optimized for video calls, which enables better video quality with less bandwidth usage, even when connections are slow.

HTTPS is the default

Chrome 90 will try to load sites over HTTPS by default. With HTTPS, users get better security and improved site loading speeds. The majority of websites have transitioned to HTTPS, but if the browser doesn’t find an HTTPS-supported version of the site, it will fall back to HTTP.

Other neat additions include the ability to give your Chrome windows specific names in the taskbar, right-clicking to hide the reading list (before now, you couldn’t do that), Shadow DOM (to create shadow roots using HTML alone), WebXR Depth API, and more.

Check out the new version here.