Google has released Chrome 88 to the stable channel with several security improvements inside, including patches for 36 vulnerabilities, one of which is rated critical severity, and dropped support for Adobe Flash.
The removal of Flash support isn’t surprising, considering that the software reached end-of-life on December 31, 2020, and Adobe started blocking Flash content last week.
Chrome 88 also arrived with improved password protections, including a check that helps users identify weak passwords and immediately act upon the issue, to ensure better protection of their accounts.
Starting with the new browser release, password management is even easier in the Chrome settings on desktop and iOS. Chrome was already prompting users to update their saved passwords at login, and now updating multiple usernames and passwords has been simplified, the Internet search giant says.
The new browser iteration arrives with patches for a total of 36 vulnerabilities, 26 of which were reported by external researchers. The flaws can be exploited if the user visits or is redirected to a specially crafted webpage.
The most important of these is CVE-2021-21117, an insufficient policy enforcement issue in Cryptohome that was rated critical severity. Exploitation of the bug could result in arbitrary code execution in the context of the browser, the Multi-State Information Sharing and Analysis Center (MS-ISAC) notes in an advisory.
The issue was reported by Rory McNamara, who received a $30,000 bug bounty reward for the discovery.
A total of nine vulnerabilities rated high severity were reported by external researchers, with use-after-free being the most frequent bug type (six of the vulnerabilities). Two high-risk insufficient data validation flaws and one insufficient policy enforcement were also addressed.
Six of the ten medium-severity flaws reported externally were insufficient policy enforcement bugs, accompanied by two inappropriate implementations, one heap buffer overflow, and one incorrect security UI issue.
Chrome 88 also addresses six low-severity vulnerabilities reported by external researchers.
Google says it paid more than $80,000 in bug bounties to the reporting researchers, but the company hasn’t disclosed all of the reward amounts yet.
The latest stable version of Chrome is 88.0.4324.96 and is currently rolling out to Windows, Mac and Linux users.
Related: Chrome, Edge and Firefox May Leak Information on Installed Apps
Related: Chrome Update Patches Actively Exploited FreeType Vulnerability
Related: Google Patches Actively Exploited Chrome Vulnerabilities
More from Ionut Arghire
- Software Supply Chain Security Firm Lineaje Raises $7 Million
- Vulnerability Provided Access to Toyota Supplier Management Network
- Linux Variant of Cl0p Ransomware Emerges
- New York Attorney General Fines Vendor for Illegally Promoting Spyware
- 20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder
- Florida Hospital Cancels Procedures, Diverts Patients Following Cyberattack
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Atlassian Warns of Critical Jira Service Management Vulnerability
Latest News
- Software Supply Chain Security Firm Lineaje Raises $7 Million
- ICS Cybersecurity Firm Opscura Launches With $9.4 Million in Series A Funding
- Vulnerability Provided Access to Toyota Supplier Management Network
- Patch Released for Actively Exploited GoAnywhere MFT Zero-Day
- Linux Variant of Cl0p Ransomware Emerges
- VMware Says No Evidence of Zero-Day Exploitation in ESXiArgs Ransomware Attacks
- Comcast Wants a Slice of the Enterprise Cybersecurity Business
- Critical Baicells Device Vulnerability Can Expose Telecoms Networks to Snooping
