Request a Demo
Rewterz
Rewterz Threat Alert – SNAKE Ransomware – Active IOCs
November 18, 2021
Rewterz
Rewterz Threat Advisory – CVE-2021-43975 – Linux Kernel hw_atl_utils_fw_rpc_wait Vulnerability
November 19, 2021

Rewterz Threat Advisory – CVE-2021-1048 – Google Zero-Day Actively Exploited In The Wild

Severity

Medium

Analysis Summary

CVE-2021-38009

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in cache. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions

CVE-2021-38007

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion in V8. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service or to execute arbitrary code on the system.

CVE-2021-38006

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error in storage foundation. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service or to execute arbitrary code on the system.

CVE-2021-38005

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error in loader. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service or to execute arbitrary code on the system.

CVE-2021-38010

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in service workers. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2021-38011

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error in storage foundation. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service or to execute arbitrary code on the system.

CVE-2021-38012

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion in V8. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service or to execute arbitrary code on the system.

CVE-2021-38013

Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by fingerprint recognition. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2021-38014

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write in Swiftshader. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-38015

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in input. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2021-38016

Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in background fetch. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2021-38017

Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in iframe sandbox. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2021-38018

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in navigation. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2021-38019

Google Chrome could allow a remote attacker to bypass security restrictions, caused by nsufficient policy enforcement in CORS. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2021-38020

Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in contacts picker. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2021-38021

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in referrer. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2021-38022

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in WebAuthentication. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

Impact

  • Security Bypass
  • Code Execution
  • Buffer Overflow

Affected Vendors

Google Andriod

Affected Products

  • Google Chrome 96

Remediation

Upgrade to the latest version of Chrome, available from the Google Chrome Web site.

https://chromereleases.googleblog.com/