Rewterz Threat Advisory – Multiple Google Chrome Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2021-21233

A heap-based buffer overflow in ANGLE, caused by improper bounds checking, allows a remote attacker to execute arbitrary code on the system. The vulnerability could also cause the application to crash.


CVE-2021-21232

A use-after-free in Dev Tools allows a remote attacker to execute arbitrary code on the system. A remote attacker could exploit this vulnerability by persuading the victim to visit a specially crafted website, resulting in arbitrary code execution or a denial of service condition.


CVE-2021-21231; CVE-2021-21227

Insufficient data validation in V8 allows a remote attacker to bypass security restrictions. A remote attacker could exploit these vulnerabilities by persuading the victim to visit a specially crafted website.

CVE-2021-21230

A type confusion in V8 allows a remote attacker to execute arbitrary code on the system. A remote attacker could exploit this vulnerability by persuading the victim to visit a specially crafted website.


CVE-2021-21229

Incorrect security UI in downloads allows a remote attacker to bypass security restrictions. A remote attacker could exploit this vulnerability by persuading the victim to visit a specially crafted website.


CVE-2021-21228

Insufficient policy enforcement in extensions allows a remote attacker to bypass security restrictions. A remote attacker could exploit this vulnerability by persuading the victim to visit a specially crafted website.

Impact

  • Denial of Service
  • Remote Code Execution
  • Security Bypass

Affected Vendors

Google

Affected Products

Google Chrome 90

Remediation

Install the latest patches and upgrade to Google Chrome 90.0.4430.93 or later from https://chromereleases.googleblog.com/
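To verify the remediation across a fleet, the following added example (not part of the original advisory) triages reported Chrome version strings against the fixed build 90.0.4430.93. The host names and inventory rows are constructed sample data, and the function names are illustrative; it assumes any build below the fixed one needs the update.

```python
import re

# Fixed build named in the advisory's Remediation section.
FIXED_BUILD = (90, 0, 4430, 93)

# Chrome versions are four dot-separated integers: MAJOR.MINOR.BUILD.PATCH.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_chrome_version(text):
    """Return the first four-part version found in text as ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(p) for p in match.groups()) if match else None


def needs_update(text, fixed=FIXED_BUILD):
    """True if below the fixed build, False if at or above, None if unparseable."""
    version = parse_chrome_version(text)
    # Compare as integer tuples: as strings, "90.0.4430.212" sorts before
    # "90.0.4430.93" and "100.x" sorts before "90.x", both of which are wrong.
    return None if version is None else version < fixed


def triage(inventory):
    """Group (host, version_string) pairs into outdated / current / unknown."""
    report = {"outdated": [], "current": [], "unknown": []}
    for host, raw in inventory:
        verdict = needs_update(raw)
        key = "unknown" if verdict is None else "outdated" if verdict else "current"
        report[key].append(host)
    return report


# Constructed sample inventory (hypothetical hosts), e.g. collected from
# `google-chrome --version` output or an asset-management export.
SAMPLE_INVENTORY = [
    ("ws-001", "Google Chrome 90.0.4430.85 "),
    ("ws-002", "Google Chrome 90.0.4430.93 "),
    ("ws-003", "Google Chrome 89.0.4389.128"),
    ("ws-004", "Google Chrome 91.0.4472.77"),
    ("ws-005", "90.0.4430.212"),
    ("ws-006", "not installed"),
    ("ws-007", "90.0.4430"),  # truncated value: reported as unknown, not guessed
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown should be re-inventoried rather than assumed patched.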