Google has recently released the new Chrome 90 browser version to its users. This update arrived shortly after Google addressed two new Chrome zero-day bugs that caught public attention.
Two New Zero-Day Bugs In Chrome Browser
Reportedly, Google has recently addressed two new Chrome zero-day bugs within a week.
Shortly after its disclosure, another researcher, Rajvardhan Agarwal, published a working exploit for it, thus pushing for a fix indirectly. (This exploit also risked other Chromium-based browsers as well, such as Microsoft Edge, Opera, and Brave.)
A few days later, another user dropped a second zero-day publicly on Twitter.
another chrome 0dayhttps://t.co/QJy24ARKlU
Just here to drop a chrome 0day. Yes you read that right.
— frust (@frust93717815) April 14, 2021
The following video demonstrates the exploit.
Update To The Latest Chrome 90
Following the bug reports, Google deployed the patches for both with the release of Chrome version 89.0.4389.128. Thus, anyone running this version on their systems should remain protected from potential exploitation of the zero-day flaws.
However, recently, Google has released Chrome 90 as well. It’s the latest Chrome browser version that brings prominent updates.
As described in Google’s post, the new Chrome 90 blocks downloading from HTTP by default if the target website has an HTTPS. The tech giant first announced this change in March 2021, pledging it for Chrome 90.
Alongside this change, Chrome also brings with it the patches for 37 different security vulnerabilities. This also includes some notable high-severity vulnerabilities as well that made the researchers win huge bounties.
Though, Google, like always, hasn’t shared any details of the flaws yet out of security. Yet, as evident, the fixes address 6 high-severity, 10 medium-severity, and 3 low-severity flaws.
Therefore, users should ensure updating their systems with the latest Chrome browser version for a safer browsing experience.