Overview
Google Chrome before 88.0.4324.150 for Windows, Mac and Linux has a Heap-based Buffer Overflow vulnerability, allowing remote attackers to execute arbitrary code on the target systems.
Description
Google has released a new version of Chrome (88.0.4324.150) for Windows, Mac and Linux to patch a critical Heap-based Buffer Overflow vulnerability that could allow attackers to execute arbitrary code on victim systems.
Reported by the researcher Mattias Buelens, the vulnerability exists in V8, Google Chrome’s open source JavaScript and WebAssembly engine. Specifically, the vulnerability stems from an improper boundary check within the V8 engine.
The zero-day vulnerability is considered to be critical since it is exploitable remotely and is considered to be exploited in the wild.
To exploit the vulnerability, remote attackers can trick users into visiting specially crafted web pages that trigger the Heap-based Buffer Overflow and execute arbitrary code on the victim machines. Successful exploitation of the vulnerability could result in full takeover of vulnerable systems.
Impact
Any unprivileged remote attacker can execute arbitrary code on the victims' systems, leading to complete compromise of the vulnerable machines.
Impact Summary
Category: Remote Code Execution (RCE)
CVSS 3.1 Base Score: 8.8 High
CVSS 3.1 Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Solution (Update)
To defend against possible attacks due to this zero-day vulnerability (CVE-2021-21148), Chrome needs to be updated to version 88.0.4324.150.
Normally, Chrome updates in the background when it is closed and reopened. However, if it has not been closed for a while, there might be pending updates. To check for pending updates, you can click More (three vertical dots) at the top right of the Chrome browser.
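For checking many machines at once, the following is an added example (not part of the original advisory) that classifies reported Chrome version strings against the fixed build 88.0.4324.150. The hostnames and the inventory format are assumptions made for illustration; the comparison is numeric per component, because a plain string comparison ranks 88.0.4324.96 above 88.0.4324.150.

```python
import re

# First fixed build named in this advisory.
FIXED = (88, 0, 4324, 150)
# Chrome versions have four dot-separated numeric components.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """Return 'vulnerable', 'patched' or 'unknown' for one reported string."""
    v = parse_version(text)
    if v is None:
        return "unknown"  # never count an unparseable host as patched
    # Tuples of ints compare component by component, so 96 < 150 here.
    return "patched" if v >= FIXED else "vulnerable"


def audit(inventory):
    """Map hostname -> status for a dict of hostname -> reported version string."""
    return {host: classify(raw) for host, raw in inventory.items()}


# Constructed sample inventory (hypothetical hostnames and values).
SAMPLE = {
    "ws-01": "Google Chrome 88.0.4324.150",
    "ws-02": "Google Chrome 88.0.4324.96",  # sorts above .150 as a string
    "ws-03": "Google Chrome 87.0.4280.141",
    "ws-04": "Google Chrome 89.0.4389.72",
    "ws-05": "chrome not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
    # The naive comparison that would wrongly mark ws-02 as patched:
    print("string compare says patched:", "88.0.4324.96" >= "88.0.4324.150")
```

Hosts reported as "unknown" need a manual check, since the script cannot tell whether Chrome is absent or the version string was malformed.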

References to Advisories, Solutions and Tools
- https://nvd.nist.gov (CVE-2021-21148)