Request a Demo
Rewterz
Rewterz Threat Advisory – Multiple Oracle Essbase Administration Server Vulnerabilities
October 21, 2021
Rewterz
Rewterz Threat Advisory – CVE-2021-23449 – Node.js vm2 module
October 21, 2021

Rewterz Threat Advisory – Multiple Google Chrome Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2021-37995 

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in WebApp Installer. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2021-37994 

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in iFrame Sandbox. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2021-37996 

Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient validation of untrusted input in Downloads. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2021-37993 

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in PDF Accessibility. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

CVE-2021-37992 

Google Chrome could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in WebAudio. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information.

CVE-2021-37991 

Google Chrome is vulnerable to a denial of service, caused by a race condition in V8. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2021-37990 

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in WebView. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2021-37988 

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Profiles. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

Impact

  • Security Bypass
  • Denial of Service
  • Information Disclosure
  • Code Execution

Affected Vendors

Google

Affected Products

  • Google Chrome 95

Remediation

Upgrade to the latest version of Chrome, available from the Google Chrome Web site.

https://chromereleases.googleblog.com/