Chrome 89.0.4389.128 releases: fix two critical security vulnerability

According to Google’s official blog, the company has released a new version (89.0.4389.128) to the Google Chrome stable channel, which is mainly suitable for fixing a certain security vulnerability.

Specifically, this security vulnerability has affected all browsers based on the Chromium kernel, including Google Chrome and Microsoft Edge browsers.

Attackers can use this vulnerability to escape from the sandbox. Based on security considerations, Google is currently making a fix to completely solve the security problems caused by the vulnerability.

This update includes 2 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$TBD][1196781] High CVE-2021-21206: Use after free in Blink. Reported by Anonymous on 2021-04-07

[$N/A][1196683] High CVE-2021-21220: Insufficient validation of untrusted input in V8 for x86_64. Reported by Bruno Keith (@bkth_) & Niklas Baumstark (@_niklasb) of Dataflow Security (@dfsec_it) via ZDI (ZDI-CAN-13569) on 2021-04-07

In view of the fact that this vulnerability affects all Chromium kernel browsers, this means that Microsoft Edge browsers, Yandex browsers, Brave, Opera, etc. will also be affected.

Now that Google has released a new version for repair, indicating that Chromium has also successfully fixed these vulnerabilities, other browsers should also be making updates at this time.

Therefore, if users use the based-Chromium browsers, they need to check for updates as soon as possible to ensure that they use the latest version. After all, the details of the vulnerability have been published on the Internet.