Google yapanga zosintha za Chrome 89.0.4389.128, zomwe zimakonza zovuta ziwiri (CVE-2021-21206, CVE-2021-21220), zomwe zogwirira ntchito zilipo (0-day). Chiwopsezo cha CVE-2021-21220 chidagwiritsidwa ntchito kuthyola Chrome pampikisano wa Pwn2Own 2021.
Kugwiritsa ntchito pachiwopsezochi kumachitika pogwiritsa ntchito njira ina ya code WebAssembly (chiwopsezocho chimayamba chifukwa cha cholakwika pamakina apakompyuta a WebAssembly, omwe amakulolani kulemba kapena kuwerenga zambiri ku adilesi yosasinthika kukumbukira). Zimadziwika kuti kuwononga kowonetsedwa sikulola kuti munthu adutse kudzipatula kwa sandbox ndipo kuwukira kotheratu kumafuna kuti apeze chiwopsezo china kuti atuluke mu sandbox (chiwopsezo chotere chidawonetsedwa pa Windows pa mpikisano wa Pwn2Own 2021).
Chitsanzo chakugwiritsa ntchito vutoli chidasindikizidwa pa GitHub itakonzedwa ku injini ya V8, koma popanda kudikirira kuti asakatuli apangidwe (ngakhale zitakhala kuti sizinasindikizidwe, owukira adatha kukonzanso. zimatengera kusanthula kwa kusintha kwa malo osungiramo V8, zomwe zidachitika kale chifukwa cha momwe kukonza kwa V8 kudasindikizidwa kale, koma zotengera zomwe zidasinthidwa sizinasinthidwe).
Kuphatikiza apo, mutha kuzindikira kusinthika kwadongosolo lofalitsa Chrome 90 la Linux, Windows ndi macOS. Kutulutsidwa uku kudakonzedwa pa Epulo 13, koma sikunasindikizidwe dzulo, ndipo mtundu wa Android wokha ndi womwe unatulutsidwa. Kutulutsa kowonjezera kwa beta kwa Chrome 90 kudapangidwa lero. Tsiku latsopano lotulutsidwa silinalengezedwe.
Source: opennet.ru