Google Has Released a Fix For High-Severity RCE Vulnerability in Chrome Browser

Google Has Released a Fix For High-Severity RCE Vulnerability in Chrome Browser

Google has released a new version 90 to fix high severity vulnerability in the V8 Javascript component of Google Chrome. The vulnerability tracked as CVE-2021-21227 is an insufficient data validation vulnerability. Successful exploitation of the vulnerability allows remote attackers to execute arbitrary code.

Security researcher Gengming Liu of Singular Security Lab reported this vulnerability to Google. Google has awarded him $15000 for reporting this high severity vulnerability.


Vulnerability Details (CVE-2021-21227)

An insufficient data validation vulnerability has been found in the Chrome browser, which allows remote attackers to execute arbitrary code. Security researcher Gengming Liu has said that the bug will not allow attackers to escape the sandbox on the system where Chrome is running, i.e., an attacker cannot access any other application or program on the system. Hence this bug needs to be coupled with other vulnerabilities to take over the system and cause more damage to the system when the browser is running.


Impact

The vulnerability could allow attackers to execute remote code. Coupling this vulnerability with other bugs to escape the sandbox could result in accessing other applications or programs in the system.


Affected Applications

Google Chrome version below 90.0.4430.93


Solutions

To address this vulnerability, Google has released Chrome version 90.0.4430.93 for Windows, Linux, and Mac. Total 9 vulnerabilities are fixed with this version, and they are as follows:

  • CVE-2021-21227: Insufficient-data-validation vulnerability that exists in the V8 component.
  • CVE-2021-21228: Insufficient-policy-enforcement vulnerability that exists in extensions.
  • CVE-2021-21229: Incorrect-security-UI vulnerability exists in downloads.
  • CVE-2021-21230: Type-confusion vulnerability exists in the V8 component.
  • CVE-2021-21231: Insufficient-data-validation vulnerability exists in the V8 component.
  • CVE-2021-21232: Use-after-free vulnerability that exists in Dev Tools component.
  • CVE-2021-21233: Heap-buffer-overflow vulnerability that exists in the ANGLE component.

SanerNow detects these vulnerabilities and automatically fixes them by applying security updates. Use SanerNow to keep your systems updated and secure.

Subscribe For More Posts Like This

Get the latest research, best practices, industry trends and cybersecurity blogs from SecPod security experts

Invalid email address
We promise not to spam you. You can unsubscribe at any time.
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments