The new Chrome version 93.0.4577.63 is now available for Windows, macOS and Linux. The Chrome Release Blog lists 19 fixed vulnerabilities. Five of these vulnerabilities are rated high risk and 12 medium risk. For eight additional vulnerabilities, Google has not provided any public information.
Security researchers who discovered vulnerabilities and reported them to Google receive a total of more than $136,000 in rewards. One researcher receives $20,000 each for three use-after-free vulnerabilities in Blink and WebRTC.
Chrome 93 blocks connections via HTTPS, HTTP and FTP on ports 989 and 990. These ports are assigned to the FTPS protocol (FTP Secure), which was never implemented in Chrome. However, attackers could target FTPS servers with specially crafted HTTPS requests (ALPACA attack). In addition, Google has removed support for the 3DES (Triple DES) encryption method, a legacy from SSL 2.0 and 3.0 that has long been considered insecure.
Chrome updates are available through the built-in update functionality. They are usually downloaded and installed automatically. If you do not want to wait, you can also initiate the update manually under Help » About Google Chrome.