Google ya ƙirƙiri sabuntawa zuwa Chrome 89.0.4389.128, wanda ke gyara lahani biyu (CVE-2021-21206, CVE-2021-21220), wanda akwai fa'idodin aiki (0-day). An yi amfani da raunin CVE-2021-21220 don hack Chrome a gasar Pwn2Own 2021.
Ana yin amfani da wannan raunin ta hanyar aiwatar da wata hanyar da aka tsara lambar WebAssembly (rauni yana haifar da kuskure a cikin na'ura mai mahimmanci na WebAssembly, wanda ke ba ku damar rubuta ko karanta bayanai zuwa adireshin sabani a cikin ƙwaƙwalwar ajiya). An lura cewa abin da aka nuna baya ƙyale mutum ya ketare keɓewar akwatin sandbox kuma cikakken harin yana buƙatar gano wani lahani don fita daga akwatin yashi (an nuna irin wannan raunin don Windows a gasar Pwn2Own 2021).
An buga misali na cin gajiyar wannan matsala akan GitHub bayan an gyara injin V8, amma ba tare da jiran sabuntawar burauzar da za a samar da shi ba (ko da ba a buga fa'idar ba, maharan sun sami damar sake ƙirƙira. ya dogara da nazarin canje-canje a cikin ma'ajin V8, wanda ya riga ya faru a baya saboda yanayin da aka riga an buga gyara a cikin V8, amma samfurori da aka dogara da shi ba a sabunta su ba).
Bugu da ƙari, zaku iya lura da canji a cikin jadawalin bugawa don sakin Chrome 90 don Linux, Windows da macOS. An tsara wannan sakin ne a ranar 13 ga Afrilu, amma ba a buga shi ba jiya, kuma an fitar da sigar Android kawai. An samar da ƙarin sakin beta na Chrome 90 a yau. Ba a sanar da sabon ranar saki ba.
source: budenet.ru