Google released Chrome 81 with the fixes of multiple vulnerabilities that have been identified in Google Chrome and the high severity vulnerabilities could enable arbitrary code execution. Well, Google Chrome is one of the well-known and most used web browser which is basically utilized to access the internet.
To update Chrome navigate to More >> Help >> Update Chrome.
The successful exploitation of the most critical of these vulnerabilities could enable an attacker to execute arbitrary code in the setting of the browser.
Hence, depending on the privileges linked with the application, an attacker could see, change, or delete the data.
If this application has configured to have fewer user rights on the system, breaches of the most critical of these vulnerabilities could have less influence than if it has set with the administrative power.
TLS 1.0 & TLS 1.1 removal was postponed
Well, TLS 1.0 and 1.1 has scheduled to be eliminated in Chrome 81, but due to the Coronavirus pandemic (COVID-19), the tech giant Google has chosen to pause its removal until Chrome 84. Hence, it has been done to anticipate problems with government and healthcare sites, which may yet be using older records and thus would be blocked.
So, the users require to be capable of accessing all sites to get the data through this health crisis. Therefore the elimination of TLS 1.0 and TLS 1.1 is postponed back to Chrome 84.
Vulnerabilities that are fixed
Apart from all these things, various vulnerabilities have been identified in Google Chrome as we told earlier, and the high severity vulnerabilities allow the attackers execution of arbitrary code.
These vulnerabilities can be breached if a user visits or redirected to a particular crafted fake web page. That’s why a total of 32 vulnerabilities have been fixed until now, and here they are mentioned below:-
- High CVE-2020-6454: Use after free in extensions.
- High CVE-2020-6423: Use after free in audio.
- High CVE-2020-6455: Out of bounds read in WebSQL.
- Medium CVE-2020-6430: Type Confusion in V8.
- Medium CVE-2020-6456: Insufficient validation of untrusted input in the clipboard.
- Medium CVE-2020-6431: Insufficient policy enforcement in full screen.
- Medium CVE-2020-6432: Insufficient policy enforcement in navigations.
- Medium CVE-2020-6433: Insufficient policy enforcement in extensions.
- Medium CVE-2020-6434: Use after free in dev tools.
- Medium CVE-2020-6435: Insufficient policy enforcement in extensions.
- Medium CVE-2020-6436: Use after free in window management.
- Low CVE-2020-6437: Inappropriate implementation in WebView.
- Low CVE-2020-6438: Insufficient policy enforcement in extensions.
- Low CVE-2020-6439: Insufficient policy enforcement in navigations.
- Low CVE-2020-6440: Inappropriate implementation in extensions.
- Low CVE-2020-6441: Insufficient policy enforcement in Omnibox.
- Low CVE-2020-6442: Inappropriate implementation in the cache.
- Low CVE-2020-6443: Insufficient data validation in developer tools.
- Low CVE-2020-6444: Uninitialized Use in WebRTC.
- Low CVE-2020-6445: Insufficient policy enforcement in trusted types.
- Low CVE-2020-6446: Insufficient policy enforcement in trusted types.
- Low CVE-2020-6447: Inappropriate implementation in developer tools.
- Low CVE-2020-6448: Use after free in V8.
While apart from this, all other Chromium-based web browser developers have also adjusted with this schedule, involving the tech giant Microsoft as well.
However, a new stable version of Microsoft Edge is anticipated any day from now. At the same time, the following significant announcement will be skipped, with chrome 84, then projected to land in mid-May just after Google releases Chrome 83 for all programs.
So, what do you think about this? Simply share all your views and thoughts in the comment section below.