Type Confusion Vulnerability Publicly Exploited in the Wild
There are multiple arbitrary code execution vulnerabilities detected in Google Chrome (versions prior to 90.0.4430.85). The most critical one could allow for arbitrary code execution due to a type confusion error. If an attacker has admin privileges within the application, they can view all your data or even worse: delete it. Fortunately, there are no reports of these vulnerabilities being exploited in the wild.
⚡ TL;DR | Go Straight to the Google Chrome 90 Vulnerability Audit Report
CVE-2021-21222
Heap-based buffer overflow (CVE-2021-21222) could allow an attacker to access your vulnerable system. This happens because of a boundary error when the V8 browser engine processes untrusted HTML. The attacker would trick the user into opening a malicious web page which triggers the heap-based buffer. It can be exploited by a remote and non-authenticated attacker.
CVE-2021-21223
The remote attacker could execute arbitrary code (CVE-2021-21223) on your system. It’s a vulnerability that exists in the v8 browser engine of Google Chrome caused by integer overflow. Again, a victim will be tricked into opening a malicious web page, triggering the integer overflow and execute arbitrary code. It can be exploited by a remote and non-authenticated attacker.
CVE-2021-21224
CVE-2021-21224 is a vulnerability allowing an attacker to execute arbitrary code. This exists because of a Type Confusion error in the v8 browser engine. Via tricking you into opening a malicious web page, it can trigger the Type Confusion and execute the arbitrary code. It can lead to a complete compromise of your system and is actively exploited in the wild. It can be exploited by a remote and non-authenticated attacker.
Get Started with Lansweeper
Discover assets you don’t even know about and learn why Lansweeper is used by thousands of organizations worldwide.
TRY NOWCVE-2021-21225
This Out-of-bounds write vulnerability (CVE-2021-21225) will compromise your entire system when executed. It exists because of a boundary error within the v8 browser engines of Google Chrome when processing untrusted input. They try to get access by you opening a malicious web page to trigger the out-of-bounds write. It can be exploited by a remote and non-authenticated attacker.
CVE-2021-21226
This is a user-after-free error vulnerability (CVE-2021-21226) that exists in the navigation component of Google Chrome. If an attacker tricks you into opening a malicious web page, it will trigger the use-after-free error. This will execute arbitrary code on your system. It can be exploited by a remote and non-authenticated attacker.
Run the Chrome Vulnerability Audit Report
Our security experts have issued a dedicated Google Chrome Audit Report that gives you an overview of all affected devices and their patch status.
