Zero-Day Vulnerability Actively Exploited in Google Chrome (CVE-2021-30563)

Overview

Google has announced a new update to patch for 8 new vulnerabilities that exist in Chrome browser. Chrome for Windows, Mac and Linux should be updated immediately, as one of the vulnerabilities is a zero-day (CVE-2021-30563) and known to be exploited in the wild.

Description

Google has released a new version (91.0.4472.164) for Chrome for Windows, Mac and Linux to patch for a total of 8 security vulnerabilities. So far, Google has disclosed limited information, such as CVE identifiers and vulnerability types, on the recently discovered vulnerabilities.

Google also announced that one of these vulnerabilities (CVE-2021-30563) is a zero-day and actively exploited in the wild with a known exploit for it.

Further details on the disclosed vulnerabilities are as follows:

Impact

A remote attacker, who successfully exploits the CVE-2021-30541 by causing heap corruption in V8 via a crafted HTML page, could execute arbitrary code and gain full control of the system.

A remote attacker, who successfully exploits the CVE-2021-30559 by performing out of bounds memory access in ANGLE, could gain unauthorized access on the system, leading to information disclosure.

A remote attacker, who successfully exploits the CVE-2021-30560 by causing heap corruption in Blink XSLT via a crafted HTML page, could execute arbitrary code and gain full control of the system.

A remote attacker, who successfully exploits the CVE-2021-30561 by causing heap corruption in V8 via a crafted HTML page, could execute arbitrary code and gain full control of the system.

A remote attacker, who successfully exploits the CVE-2021-30562 by causing heap corruption in WebSerial via a crafted HTML page, could execute arbitrary code and gain full control of the system.

A remote attacker, who successfully exploits the CVE-2021-30563 by causing heap corruption in V8 via a crafted HTML page, could execute arbitrary code and gain full control of the system.

A remote attacker, who successfully exploits the CVE-2021-30564 by causing heap corruption in WebXR via a crafted HTML page, could execute arbitrary code and gain full control of the system.

Solution (Update)

To defend against possible attacks due to these vulnerabilities, Google Chrome needs to be updated to the stable version 91.0.4472.164.

Normally, Chrome updates in the background when it is closed and reopened. However, if it has not been closed for a while, there might be pending updates. To check for pending updates, you can click More (Three vertical dots) on the top right of the Chrome browser.

If security were all that mattered, computers would never be turned on, let alone hooked into a network with literally millions of potential intruders.

Dan Farmer

Read more educational and inspirational cyber quotes at our page 100+ Best Cyber Security & Hacker Quotes.

References to Advisories, Solutions and Tools

• Google Chrome Releases Blog (Stable Channel Update for Desktop)

To learn more about security vulnerabilities, you could also read our articles What is a Security Vulnerability? or What is Vulnerability Scanning?