Google Chrome before 88.0.4324.150 for Windows, Mac and Linux contains a heap-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code on target systems.
Google has released a new version of Chrome (88.0.4324.150) for Windows, Mac and Linux to patch a critical heap-based buffer overflow vulnerability that could allow attackers to execute arbitrary code on victim systems.
The zero-day vulnerability is considered critical because it is remotely exploitable and is believed to be exploited in the wild.
To exploit the vulnerability, remote attackers can trick users into visiting specially crafted web pages that trigger the heap-based buffer overflow and execute arbitrary code on the victim machines. Successful exploitation of the vulnerability could result in full takeover of vulnerable systems.
Any unprivileged remote attacker can execute arbitrary code on the victims' systems, leading to complete compromise of the vulnerable machines.
Category: Remote Code Execution (RCE)
CVSS 3.1 Base Score: 8.8 High
CVSS 3.1 Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
To defend against possible attacks due to this zero-day vulnerability (CVE-2021-21148), Chrome needs to be updated to version 88.0.4324.150.
Normally, Chrome updates in the background when it is closed and reopened. However, if it has not been closed for a while, there might be pending updates. To check for pending updates, you can click More (three vertical dots) on the top right of the Chrome browser.
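For more than a handful of machines, the same check can be run over collected version strings. The following is an added example, not part of the original advisory: it compares each reported Chrome version against the fixed build 88.0.4324.150 numerically, because plain string comparison ranks 88.0.4324.96 above 88.0.4324.150. The host names and inventory strings are constructed, and the `audit` and `classify` helpers are hypothetical names.

```python
import re

# First patched build named in the advisory (CVE-2021-21148)
FIXED = (88, 0, 4324, 150)

# Chrome versions are four dot-separated integers: MAJOR.MINOR.BUILD.PATCH
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version found in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text, fixed=FIXED):
    """Classify one inventory string as 'vulnerable', 'patched' or 'unknown'."""
    version = parse_version(text)
    if version is None:
        # Never treat an unparsable report as patched; surface it for follow-up.
        return "unknown"
    # Tuple comparison is numeric per component, so 96 < 150 as intended.
    return "vulnerable" if version < fixed else "patched"


def audit(inventory):
    """Return (host -> status, sorted list of hosts that are not confirmed patched)."""
    results = {host: classify(raw) for host, raw in inventory.items()}
    needs_action = sorted(h for h, status in results.items() if status != "patched")
    return results, needs_action


# Constructed sample inventory: host names and strings are made up for this example.
SAMPLE = {
    "ws-01": "Google Chrome 88.0.4324.150 ",
    "ws-02": "Google Chrome 88.0.4324.96 ",
    "ws-03": "Google Chrome 87.0.4280.141 ",
    "mac-01": "Google Chrome 89.0.4389.72 beta",
    "lin-01": "command not found",
}

if __name__ == "__main__":
    results, needs_action = audit(SAMPLE)
    for host in sorted(results):
        print(f"{host:8} {results[host]:10} {SAMPLE[host].strip()}")
    print("Not confirmed patched:", ", ".join(needs_action))
```

Hosts reported as `unknown` are listed alongside vulnerable ones so that a missing or unreadable version is followed up rather than assumed safe.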
References to Advisories, Solutions and Tools
- https://nvd.nist.gov (CVE-2021-21148)