

To check what version you have, click the three-lines icon (the “hamburger menu”) in the top right corner. For Chrome, go to Help > About Chrome. For Chromium simply click About Chromium. (In either browser, you can also put the special URL chrome://settings/help into the address bar.) If you aren’t up-to-date, use the Update Google Chrome option on Windows or Mac to force an update.

We’re also assuming, given that this bug apparently has something to do with audio processing, that the bug can be deliberately and remotely triggered by serving up some audio-related data via a booby-trapped web page.

What to do?

As always in a zero-day report of this sort, don’t worry too much about the exact hows and whys just yet – assume that some kind of “drive-by” RCE is possible, so that just visiting a booby-trapped site might be enough to drop malware onto your computer, and therefore patch right away.
An object lifecycle issue is a jargon way of referring to what probably amounts to some kind of memory mismanagement. The word “object” refers, very loosely, to a block of memory containing some sort of data structure, together with a list of associated programmatic functions for manipulating that data.

Managing an object’s lifecycle means, amongst other things:

- Ensuring that the memory it uses is reclaimed by the system when the object is no longer needed.
- Taking care not to reclaim and reallocate the memory while the object is still being used.
- Not doing any calculations on the object before its memory has been assigned and initialised.
- Not doing the wrong sort of calculations on the data in an object, such as trying to treat a JPEG file as a PNG, or assuming that an audio clip has 16 bits per audio sample when it only has 8 bits.
- Stopping two different parts of the program from clashing over access to the object.

We don’t know what form these particular bugs took, given that the Chromium team’s discussion of the bugs in this release still seems to be in “keep-it-private-to-stave-off-the-crooks-a-while-longer” mode. But we do know that at the end of this month’s bug list you will see an almost casual sentence saying that:

Google is aware of reports that an exploit for CVE-2021-21166 exists in the wild.

In vernacular language, that means “this is a zero-day bug.” In this context, “zero-day” denotes that the crooks got there first, so that there were literally zero days on which even the fastest-patching sysadmin could have been ahead of the Bad Guys. Who’s exploiting this bug, in which parts of the world, against whom, and with what sort of outcome, we don’t yet know.

We’re assuming that some sort of remote code execution attack (RCE) is involved, in which case this bug, when successfully triggered, could lead to crooks implanting malware on your computer without you noticing at all, let alone agreeing to download or install any files.
The first bug is numbered CVE-2021-21165, reported on, a month ago; the second was dubbed CVE-2021-21166, reported a week after that on.

We’ve never quite understood Google’s mention of rolling out updates over “days/weeks” in an update bulletin that includes 47 security fixes, of which eight have a severity level of High. In fact, we suggest going out manually and making sure you’ve got your Chrome update already, without waiting for those days/weeks to elapse until the update finds you. If you’re using a Chromium-based product from another browser maker, check with that vendor for information about whether their build is affected by this bug, and if so whether the patch is downloadable yet.

Two of the eight High Severity bugs in this set of patches were apparently found in the same part of Chrome, denoted in Google’s list merely as: Object lifecycle issue in audio. Reported by Alison Huffman, Microsoft Browser Vulnerability Research.

Almost exactly a month ago, or a couple of days under an average month given that February was the short one, we warned of a zero-day bug in Google’s Chromium browser code.

And we’re saying it again, following Google’s otherwise cheery release of version. The Chrome team is delighted to announce the promotion of Chrome 89 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.
