Google fixes several security vulnerabilities with the Chrome 89.0.4389.72 update

Google fixes several security vulnerabilities with the Chrome 89.0.4389.72 update

Hello everyone,

Chrome stable channel has been updated to 89.0.4389.72 for Windows, macOS, and Linux. This update comes with fixes for several high severity vulnerabilities. The details of the vulnerabilities are as follows:

 CVE ID Vulnerability Severity
 CVE-2021-21159 Heap buffer overflow in TabStrip High
 CVE-2021-21160 Heap buffer overflow in WebAudio High
 CVE-2021-21161 Heap buffer overflow in TabStrip High
 CVE-2021-21162 Use after free in WebRTC High
 CVE-2021-21163 Insufficient data validation in Reader Mode High
 CVE-2021-21164 Insufficient data validation in Chrome for iOS High
 CVE-2021-21165 Object lifecycle issue in audio High
 CVE-2021-21166 Object lifecycle issue in audio High
 CVE-2021-21167 Use after free in bookmarks Medium
 CVE-2021-21168 Insufficient policy enforcement in appcache Medium
 CVE-2021-21169 Out of bounds memory access in V8 Medium
 CVE-2021-21170 Incorrect security UI in Loader Medium
 CVE-2021-21171 Incorrect security UI in TabStrip and Navigation Medium
 CVE-2021-21172 Insufficient policy enforcement in File System API Medium
 CVE-2021-21173 Side-channel information leakage in Network Internals Medium
 CVE-2021-21174 Inappropriate implementation in Referrer Medium
 CVE-2021-21175 Inappropriate implementation in Site isolation Medium
 CVE-2021-21176 Inappropriate implementation in full screen mode Medium
 CVE-2021-21177 Insufficient policy enforcement in Autofill Medium
 CVE-2021-21178 Inappropriate implementation in Compositing Medium
 CVE-2021-21179 Use after free in Network Internals Medium
 CVE-2021-21180 Use after free in tab search Medium
 CVE-2020-27844 Heap buffer overflow in OpenJPEG Medium
 CVE-2021-21181 Side-channel information leakage in autofill Medium
 CVE-2021-21182 Insufficient policy enforcement in navigations Low
 CVE-2021-21183 Inappropriate implementation in performance APIs Low
 CVE-2021-21184 Inappropriate implementation in performance APIs  Low
 CVE-2021-21185 Insufficient policy enforcement in extensions Low
 CVE-2021-21186 Insufficient policy enforcement in QR scanning Low
 CVE-2021-21187 Insufficient data validation in URL formatting Low
 CVE-2021-21188 Use after free in Blink Low
 CVE-2021-21189 Insufficient policy enforcement in payments Low
 CVE-2021-21190 Uninitialized Use in PDFium Low

To install these updates using Patch Manager Plus, initiate a sync between the Central Patch Repository and the Patch Manager Plus server. Once the sync is complete, search for the following Patch IDs or Bulletin ID and deploy them to your target systems.

 Patch ID Bulletin ID Patch Description
 318597 TU-017 Google Chrome (89.0.4389.72)
 318598 TU-017 Google Chrome (x64) (89.0.4389.72)

Cheers,

The ManageEngine Team