Google patches Chrome zero-day, eighth one in 2021

Chrome zero-day
Share It On:

19th July 2021, Kathmandu

Eight security vulnerabilities, including a high severity zero-day flaw exploited in the wild, are inscribed by Google Chrome.

Chrome’s new version (91.0.4472.164) has been released for Windows, Mac, and Linux to patch for a total of 8 security vulnerabilities. As yet, limited information, such as CVE identifiers and vulnerability types, on the currently uncovered vulnerabilities was done by Google.

It also reported that among the eight vulnerabilities CVE-2021-30563 is a zero-day and actively used in the wild with a known exploit for it.

Following are the lists of eight vulnerabilities along with some details:

  • CVE-2021-30541: Use after free in V8
  • CVE-2021-30559: Off-limits Write in ANGLE
  • CVE-2021-30560: Apply After Free Blink XSLT
  • CVE-2021-30561: Type Confusion in V8
  • CVE-2021-30562: Use After Free in WebSerial
  • CVE-2021-30563: Type Confusion in V8 (Zero-Day)
  • CVE-2021-30564: Heap Buffer Overflow in WebXR

Additional information on the tools for analyzing these vulnerabilities was shared by Google. The given below is a list of the tools used by Google for bug detection:

  • AddressSanitizer
  • MemorySanitizer
  • UndefinedBehaviorSanitizer
  • Control Flow Integrity
  • libFuzzer
  • AFL

Effect:

Successful exploitation by a remote attacker on CVE-2021-30541 by causing heap corruption in V8 through a crafted HTML page is able to execute arbitrary code and gain full control of the system.

Impact Summary CVE-2021-30541

Category: Use After Free
CVSS 3.1 Base Score: 8.8 High
CVSS 3.1 Vector: AV: N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Successful exploitation by a remote attacker on CVE-2021-30541 by performing outbounds memory access in ANGLE could gain unauthorized access on the system that leads to an information leak.

 Impact Summary CVE-2021-30559

Category: Use After Free
CVSS 3.1 Base Score: 8.8 High
CVSS 3.1 Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Successful exploitation by a remote attacker on CVE-2021-30559 by causing heap corruption in Blink XSLT through a crafted HTML page, could perform arbitrary code and gain full control of the system.

 Impact Summary CVE-2021-30560

Category: Use After Free
CVSS 3.1 Base Score: 8.8 High
CVSS 3.1 Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Successful exploitation by a remote attacker on CVE-2021-30560 by making heap corruption in V8 through crafted HTML page, could perform arbitrary code and gain full control of the system.

 Impact Summary CVE-2021-30561

Category: Use After Free
CVSS 3.1 Base Score: 8.8 High
CVSS 3.1 Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Successful exploitation by a remote attacker on CVE-2021-30561 by making heap corruption in WebSerial through a crafted HTML page, could execute arbitrary code and gain full control of the system.

 Impact Summary CVE-2021-30562

Category: Use After Free
CVSS 3.1 Base Score: 8.8 High
CVSS 3.1 Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Successful exploitation by a remote attacker on CVE-2021-30563 by making heap corruption in V8 through a crafted HTML page, could execute arbitrary code and gain full control of the system.

Impact Summary CVE-2021-30563

Category: Use After Free
CVSS 3.1 Base Score: 8.8 High
CVSS 3.1 Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Successful exploitation by a remote attacker on CVE-2021-30564 by causing heap corruption in WebXR through a crafted HTML page, could execute arbitrary code and gain full control of the system.

 Impact Summary CVE-2021-30564

Category: Use After Free
CVSS 3.1 Base Score: 8.8 High
CVSS 3.1 Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Solution (Update)

Google Chrome needs to be updated to the stable version 91.0.4472.164 to possibly defend against such attacks.

Google patches 8th ChromeFigure 1: Google Chrome Update Version 91.0.4472.164


Share It On:

Recent Posts

Gentle Care For Infants: Parachute Advansed Baby Partners With Ek Ek Paila for Newborn Well-being in Nepal

Gentle Care For Infants: Parachute Advansed Baby Partners With Ek

Share It On:7 October 2024, Kathmandu Marico, a leading name in consumer goods, proudly announces the expansion of its product

Sanima Bank Disburses NPR 1 Million Accident Insurance Claim

Sanima Bank Disburses NPR 1 Million Accident Insurance Claim

Share It On:7 October 2024, Kathmandu Sanima Bank recently transferred an accident insurance claim worth NPR 1 million under its

Singhadurbar Smart Gate Pass System Goes Live!

Singhadurbar Smart Gate Pass System Goes Live!

Share It On:7 October 2024, Kathmandu The Singhadurbar Smart Gate Pass System is now officially live! Visitors can easily register

Elevating Global Nepali Professionals Event in Seattle: Panelists Announced for October 18 Networking and Discussion

Elevating Global Nepali Professionals Event in Seattle: Panelists Announced for

Share It On:7 October 2024, Kathmandu The Great Nepali Diaspora is excited to announce the incredible panelists for the Seattle

NMB Bank Partners Mechi Drishti Eye Hospital For Exclusive Discounts

NMB Bank Partners Mechi Drishti Eye Hospital For Exclusive Discounts

Share It On:7 October 2024, Kathmandu NMB Bank is offering its customers an exclusive discount at Mechi Drishti Eye Hospital

Prabhu Bank Launches Education Hub in Chitwan to Streamline Student Loans

Prabhu Bank Launches Education Hub in Chitwan to Streamline Student

Share It On:7 October 2024, Kathmandu In a significant move aimed at supporting students seeking international education, Prabhu Bank has