I-Google idale isibuyekezo ku-Chrome 89.0.4389.128, elungisa ubungozi obubili (CVE-2021-21206, CVE-2021-21220), okutholakala kukho ukuxhashazwa okusebenzayo (0-day). Ukuba sengozini kwe-CVE-2021-21220 kwasetshenziswa ukugebenga i-Chrome emqhudelwaneni we-Pwn2Own 2021.
Ukuxhashazwa kwalokhu kuba sengcupheni kwenziwa ngokusetshenziswa kwendlela ethile yekhodi ye-WebAssembly efomethiweyo (ukuba sengozini kubangelwa iphutha emshinini we-WebAssembly virtual, okuvumela ukuthi ubhale noma ufunde idatha ekhelini elingenasizathu kumemori). Kuyaphawulwa ukuthi ukuxhaphaza okubonisiwe akuvumeli ukuthi umuntu adlule ukuhlukaniswa kwebhokisi lesihlabathi futhi ukuhlasela okuphelele kudinga ukutholwa kobunye ubungozi ukuze aphume ku-sandbox (ukuba sengozini okunjalo kuboniswe ku-Windows emqhudelwaneni we-Pwn2Own 2021).
Isibonelo sokuxhashazwa kwale nkinga sishicilelwe ku-GitHub ngemva kokulungiswa enjinini ye-V8, kodwa ngaphandle kokulinda isibuyekezo sesiphequluli esisekelwe kuso ukuthi senziwa (ngisho noma ukuxhaphaza bekungakashicilelwa, abahlaseli bakwazile ukuphinda badale. isekelwe ekuhlaziyweni kwezinguquko endaweni yokugcina ye-V8, osekwenzekile ngaphambili ngenxa yesimo lapho ukulungiswa kwe-V8 sekushicilelwe kakade, kodwa imikhiqizo esekelwe kuyo ayikabuyekezwa).
Ukwengeza, ungaqaphela ukuguquguquka kushejuli yokushicilelwa kokukhishwa kwe-Chrome 90 ye-Linux, Windows ne-macOS. Lokhu kukhishwa bekuhlelelwe u-Ephreli 13, kodwa akuzange kushicilelwe izolo, futhi inguqulo ye-Android kuphela ekhishwe. Ukukhishwa okwengeziwe kwe-beta kwe-Chrome 90 kwakhiwa namuhla. Idethi entsha yokukhishwa ayikamenyezelwa.
Source: opennet.ru