Home / About / Threat Intelligence / Chrome Vulnerabilities

Overview

Google have released a patch for Chrome browser with a number of security fixes. Some of the fixed vulnerabilities (CVE-2021-30632 and CVE-2021-30633) are being actively exploited in the wild. Chromium-based browsers such as Microsoft Edge, Brave and Opera are also affected.

Impact

A malicious website may be able to execute code on a hosts machine.

Vulnerability Detection

You can see which version of Chrome you are running in the About tab of the settings page.
Navigate your browser to: chrome://settings/help
The most recent version as of 2021-09-21 is 93.0.4577.82

Affected Products

Google Chrome before 93.0.4577.82
Microsoft Edge before 93.0.961.52
Other chromium based browsers

  • CVE-2021-30625: Use after free in Selection API
  • CVE-2021-30626: Out of bounds memory access in ANGLE
  • CVE-2021-30627: Type Confusion in Blink layout
  • CVE-2021-30628: Stack buffer overflow in ANGLE
  • CVE-2021-30629: Use after free in Permissions
  • CVE-2021-30630: Inappropriate implementation in Blink
  • CVE-2021-30631: Type Confusion in Blink layout
  • CVE-2021-30632: Out of bounds write in V8.
  • CVE-2021-30633: Use after free in Indexed DB API

Containment, Mitigations & Remediations

If you’re running an older version, then Chrome should update itself automatically on the next launch.
The About page can be used to manually update and this requires a relaunch of the browser.

Other advice:

  • Don’t use administrative accounts to browse the internet.
  • Avoid clicking on suspicious links or browsing untrustworthy websites.
  • Apply the Principle of Least Privilege to all systems and services.

Threat Landscape

This is the 10th zero-day vulnerability patched by Google this year.

Mitre Methodologies

T1189 – Drive-by Compromise

Further Information

Stable Channel Update for Desktop