2 Zero-Day Vulnerabilities in Google Chrome (CVE-2021-30632, CVE-2021-30633)

2 Zero-Day vulnerabilities in Google Chrome (CVE-2021-30632, CVE-2021-30633) are actively exploited in the wild.

Overview

Google has announced a new update that patches 11 new vulnerabilities in the Chrome browser. Chrome for Windows, Mac and Linux should be updated immediately, as two of these vulnerabilities are zero-days (CVE-2021-30632, CVE-2021-30633) actively exploited in the wild.

Description

Google has released a new version (93.0.4577.82) of Chrome for Windows, Mac and Linux that patches a total of 11 security vulnerabilities. So far, Google has disclosed limited information, such as CVE identifiers and vulnerability types, for only the 9 vulnerabilities that were reported by external security researchers. All 9 publicly shared vulnerabilities have a “High” severity rating. For the remaining 2 vulnerabilities, which were discovered in-house, no information has been shared yet.

Google also announced that two of these vulnerabilities (CVE-2021-30632, CVE-2021-30633) are zero-days that are actively exploited in the wild.

Further details on the disclosed vulnerabilities are as follows:

Google additionally shared the names of the tools for detecting these vulnerabilities. The following is a list of the tools used by Google for bug discovery:

Impact

A remote attacker who successfully exploits CVE-2021-30632 by performing an out-of-bounds memory write in V8 could execute arbitrary code and gain full control of the system.

Impact Summary CVE-2021-30632

Category: Out of Bounds Memory Write
CVSS 3.1 Base Score: N/A
CVSS 3.1 Vector: N/A

An attacker who successfully exploits CVE-2021-30633 by causing memory corruption (use after free) in the Indexed DB API via a crafted HTML page could remotely execute arbitrary code and gain full control of the system.

Impact Summary CVE-2021-30633

Category: Use After Free
CVSS 3.1 Base Score: N/A
CVSS 3.1 Vector: N/A

Solution (Update)

To defend against possible attacks exploiting these vulnerabilities, Google Chrome needs to be updated to the stable version 93.0.4577.82.

Normally, Chrome updates in the background when it is closed and reopened. However, if it has not been closed for a while, there might be pending updates. To check for pending updates, click More (three vertical dots) at the top right of the Chrome browser.

Figure 1: Google Chrome Update Version 93.0.4577.82
Quote by Dan Kaminsky

It is a fairly open secret that almost all systems can be hacked, somehow. It is a less spoken of secret that such hacking has actually gone quite mainstream.

Dan Kaminsky
