February 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – Multiple Oracle Essbase Administration Server Vulnerabilities
October 21, 2021Rewterz Threat Advisory – CVE-2021-23449 – Node.js vm2 module
October 21, 2021Rewterz Threat Advisory – Multiple Oracle Essbase Administration Server Vulnerabilities
October 21, 2021Rewterz Threat Advisory – CVE-2021-23449 – Node.js vm2 module
October 21, 2021
Severity
Medium
Analysis Summary
CVE-2021-37995
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in WebApp Installer. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2021-37994
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in iFrame Sandbox. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2021-37996
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient validation of untrusted input in Downloads. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2021-37993
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in PDF Accessibility. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2021-37992
Google Chrome could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in WebAudio. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2021-37991
Google Chrome is vulnerable to a denial of service, caused by a race condition in V8. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2021-37990
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in WebView. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2021-37988
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Profiles. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
Impact
- Security Bypass
- Denial of Service
- Information Disclosure
- Code Execution
Affected Vendors
Affected Products
- Google Chrome 95
Remediation
Upgrade to the latest version of Chrome, available from the Google Chrome Web site.