Google e lokolitse ntlafatso ea Chrome 89.0.4389.128, e lokisang likotsi tse peli (CVE-2021-21206 le CVE-2021-21220) tseo mesebetsi ea letsatsi le le leng e leng teng. CVE-2021-21220 e sebelisitsoe ho senya Chrome nakong ea tlholisano ea Pwn2Own 2021.
Bofokodi bo sebediswa hampe ka ho sebedisa khoutu ya WebAssembly e entsweng ka ho kgetheha (bofokodi bo bakwa ke phoso mochining wa sebele wa WebAssembly o dumellang hore data e ngolwe kapa e balwe ho tswa atereseng ya memori e sa reroang). Ho hlokometswe hore tshebediso e bontshitsweng ha e fete ho ikarola ha lebokose la sandbox, mme tlhaselo e felletseng e hloka ho sibollwa ha bofokodi bo bong ho phonyoha lebokose la sandbox (bofokodi bo jwalo bo bontshitswe tlholisanong ya Pwn2Own 2021). Windows).
Mohlala oa tšebeliso ea taba ena o phatlalalitsoe ho GitHub ka mor'a hore tokiso e lokolloe ho enjene ea V8, empa pele lintlafatso tsa sebatli tse thehiloeng ho eona li lokolloa (le haeba ts'ebeliso e ne e sa phatlalatsoa, bahlaseli ba ka be ba ile ba khona ho e etsa hape ho latela liphetoho polokelong ea V8, e etsahetseng pele ka lebaka la boemo boo tokiso ea V8 e seng e hatisitsoe, empa lihlahisoa ha li so ka li hatisoa).
Ho phaella moo, ho bohlokoa ho hlokomela phetoho kemisong ea tokollo ea Chrome 90 bakeng sa Linux, Windows и macOSTokollo ena e ne e reretsoe ho ba ka la 13 Mmesa, empa ha ea ka ea hatisoa maobane, 'me e phatlalalitsoe feela bakeng sa AndroidHo lokollotsoe beta e 'ngoe ea Chrome 90 kajeno. Letsatsi le lecha la tokollo ha le so phatlalatsoe.
Source: opennet.ru
