Multiple Vulnerabilities within Google Chrome – Audit Now!

21/04/2021
By Nils Macharis

Type Confusion Vulnerability Publicly Exploited in the Wild

Multiple arbitrary code execution vulnerabilities have been detected in Google Chrome (versions prior to 90.0.4430.85). The most critical one could allow for arbitrary code execution due to a type confusion error. If an attacker has admin privileges within the application, they can view all your data or, even worse, delete it. Fortunately, there are no reports of these vulnerabilities being exploited in the wild.


CVE-2021-21222

A heap-based buffer overflow (CVE-2021-21222) could allow an attacker to access your vulnerable system. It is caused by a boundary error when the V8 browser engine processes untrusted HTML. The attacker would trick the user into opening a malicious web page, which triggers the heap-based buffer overflow. It can be exploited by a remote and non-authenticated attacker.

CVE-2021-21223

A remote attacker could execute arbitrary code (CVE-2021-21223) on your system. The vulnerability exists in the V8 browser engine of Google Chrome and is caused by an integer overflow. Again, a victim is tricked into opening a malicious web page, which triggers the integer overflow and executes arbitrary code. It can be exploited by a remote and non-authenticated attacker.

CVE-2021-21224

CVE-2021-21224 is a vulnerability that allows an attacker to execute arbitrary code. It exists because of a type confusion error in the V8 browser engine. By tricking you into opening a malicious web page, an attacker can trigger the type confusion and execute arbitrary code. It can lead to a complete compromise of your system and is actively exploited in the wild. It can be exploited by a remote and non-authenticated attacker.

CVE-2021-21225

This out-of-bounds write vulnerability (CVE-2021-21225) will compromise your entire system when exploited. It exists because of a boundary error within the V8 browser engine of Google Chrome when processing untrusted input. An attacker tries to gain access by getting you to open a malicious web page that triggers the out-of-bounds write. It can be exploited by a remote and non-authenticated attacker.

CVE-2021-21226

This is a use-after-free vulnerability (CVE-2021-21226) that exists in the navigation component of Google Chrome. If an attacker tricks you into opening a malicious web page, it will trigger the use-after-free error. This will execute arbitrary code on your system. It can be exploited by a remote and non-authenticated attacker.

Run the Chrome Vulnerability Audit Report

Our security experts have issued a dedicated Google Chrome Audit Report that gives you an overview of all affected devices and their patch status.
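
The version check at the heart of such an audit, as an added example (not Lansweeper's report or code): it flags hosts whose Chrome build is prior to 90.0.4430.85 by comparing the four version fields numerically. The inventory, hostnames and function names are assumptions constructed for illustration.

```python
import re

# Fixed build named on this page: versions prior to it are affected.
FIXED = (90, 0, 4430, 85)

_VERSION_RE = re.compile(r"^[0-9]+(?:\.[0-9]+){3}$")


def parse_version(text):
    """Return a 4-tuple of ints for 'MAJOR.MINOR.BUILD.PATCH', or None if malformed."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(version_text):
    """Classify one reported version as 'vulnerable', 'patched' or 'unknown'."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"
    # Tuple comparison is numeric and field by field, unlike string comparison.
    return "vulnerable" if version < FIXED else "patched"


def audit(inventory):
    """Map each status to the sorted list of hosts reporting it."""
    report = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version_text in inventory.items():
        report[classify(version_text)].append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = {
    "ws-001": "89.0.4389.128",
    "ws-002": "90.0.4430.72",
    "ws-003": "90.0.4430.85",
    "ws-004": "90.0.4430.212",  # a string comparison would rank this below .85
    "ws-005": "100.0.4896.60",  # a string comparison would rank this below 90.x
    "ws-006": "",               # nothing reported: keep it visible, do not assume patched
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
```

Hosts that land in `unknown` need a follow-up scan rather than being counted as patched.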
