Chrome Vulnerabilities

Overview

Google has released a patch for the Chrome browser containing a number of security fixes. Some of the fixed vulnerabilities (CVE-2021-30632 and CVE-2021-30633) are being actively exploited in the wild. Chromium-based browsers such as Microsoft Edge, Brave and Opera are also affected.

Impact

A malicious website may be able to execute code on the host machine of a user who visits it.

Vulnerability Detection

You can see which version of Chrome you are running in the About tab of the settings page.
Navigate your browser to: chrome://settings/help
The most recent version as of 2021-09-21 is 93.0.4577.82

Affected Products

  • Google Chrome before 93.0.4577.82
  • Microsoft Edge before 93.0.961.52
  • Other Chromium-based browsers

  • CVE-2021-30625: Use after free in Selection API
  • CVE-2021-30626: Out of bounds memory access in ANGLE
  • CVE-2021-30627: Type Confusion in Blink layout
  • CVE-2021-30628: Stack buffer overflow in ANGLE
  • CVE-2021-30629: Use after free in Permissions
  • CVE-2021-30630: Inappropriate implementation in Blink
  • CVE-2021-30631: Type Confusion in Blink layout
  • CVE-2021-30632: Out of bounds write in V8
  • CVE-2021-30633: Use after free in Indexed DB API
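The version check described under Vulnerability Detection can be run across a fleet rather than host by host. The following is an added example, not code from the bulletin or from Google: it compares collected browser version strings numerically against the fixed builds listed above. Hostnames and versions in the sample inventory are constructed, and browsers the bulletin gives no fixed build for (e.g. Brave) are reported for manual checking rather than guessed at.

```python
"""Added example: flag installed browsers that predate the fixed builds
named in the bulletin, using numeric (not string) version comparison."""
from typing import Dict, List, Optional, Tuple

# Fixed builds as stated in the bulletin; other Chromium-based browsers are
# affected too, but the bulletin names no fixed version for them.
FIXED_VERSIONS: Dict[str, str] = {
    "chrome": "93.0.4577.82",
    "edge": "93.0.961.52",
}


def parse_version(version: str) -> Tuple[int, ...]:
    """'93.0.4577.82' -> (93, 0, 4577, 82). A plain string compare would
    wrongly rank '93.0.4577.9' above '93.0.4577.82'; tuples of ints do not."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(browser: str, version: str) -> Optional[bool]:
    """True if the build predates the fix, False if it is the fixed build or
    newer, None when the bulletin names no fixed build for this browser."""
    fixed = FIXED_VERSIONS.get(browser.lower())
    if fixed is None:
        return None
    return parse_version(version) < parse_version(fixed)


def audit(inventory: List[Tuple[str, str, str]]) -> Dict[str, List[str]]:
    """Split (host, browser, version) rows into hosts that need the update
    and hosts whose browser must be checked against its own vendor advisory."""
    result: Dict[str, List[str]] = {"vulnerable": [], "unknown": []}
    for host, browser, version in inventory:
        status = is_vulnerable(browser, version)
        if status is None:
            result["unknown"].append(host)
        elif status:
            result["vulnerable"].append(host)
    return result


# Constructed sample inventory (hypothetical hostnames and versions), in the
# shape a fleet-management export might take; not real data.
SAMPLE_INVENTORY: List[Tuple[str, str, str]] = [
    ("ws-01", "chrome", "93.0.4577.82"),   # exactly the fixed build
    ("ws-02", "chrome", "93.0.4577.63"),   # same major, older build
    ("ws-03", "chrome", "92.0.4515.159"),  # previous major
    ("ws-04", "edge", "93.0.961.52"),      # fixed Edge build
    ("ws-05", "edge", "93.0.961.47"),      # older Edge build
    ("ws-06", "brave", "1.29.80"),         # no fixed build in the bulletin
]
```

Running `audit(SAMPLE_INVENTORY)` lists ws-02, ws-03 and ws-05 as vulnerable and ws-06 as needing a manual check.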

Containment, Mitigations & Remediations

If you’re running an older version, Chrome should update itself automatically on the next launch.
The About page can also be used to update manually; this requires a relaunch of the browser.

Other advice:

  • Don’t use administrative accounts to browse the internet.
  • Avoid clicking on suspicious links or browsing untrustworthy websites.
  • Apply the Principle of Least Privilege to all systems and services.

Threat Landscape

This is the 10th zero-day vulnerability patched by Google this year.

Mitre Methodologies

T1189 – Drive-by Compromise

Further Information

Stable Channel Update for Desktop