Multiple Vulnerabilities within Google Chrome – Audit Now!

Type Confusion Vulnerability Publicly Exploited in the Wild

Multiple arbitrary code execution vulnerabilities have been detected in Google Chrome (versions prior to 90.0.4430.85). The most critical one could allow arbitrary code execution due to a type confusion error. If an attacker has admin privileges within the application, they can view all your data or, even worse, delete it. Fortunately, there are no reports of these vulnerabilities being exploited in the wild.

⚡ TL;DR | Go Straight to the Google Chrome 90 Vulnerability Audit Report

CVE-2021-21222

A heap-based buffer overflow (CVE-2021-21222) could allow an attacker to access your vulnerable system. It is caused by a boundary error when the V8 browser engine processes untrusted HTML. The attacker would trick the user into opening a malicious web page, which triggers the heap-based buffer overflow. It can be exploited by a remote and non-authenticated attacker.

CVE-2021-21223

A remote attacker could execute arbitrary code (CVE-2021-21223) on your system. The vulnerability exists in the V8 browser engine of Google Chrome and is caused by an integer overflow. Again, a victim is tricked into opening a malicious web page, which triggers the integer overflow and executes arbitrary code. It can be exploited by a remote and non-authenticated attacker.

CVE-2021-21224

CVE-2021-21224 is a vulnerability that allows an attacker to execute arbitrary code. It exists because of a type confusion error in the V8 browser engine. By tricking you into opening a malicious web page, an attacker can trigger the type confusion and execute arbitrary code. It can lead to a complete compromise of your system and is actively exploited in the wild. It can be exploited by a remote and non-authenticated attacker.

CVE-2021-21225

This out-of-bounds write vulnerability (CVE-2021-21225) will compromise your entire system when exploited. It exists because of a boundary error within the V8 browser engine of Google Chrome when processing untrusted input. An attacker tries to gain access by getting you to open a malicious web page that triggers the out-of-bounds write. It can be exploited by a remote and non-authenticated attacker.

CVE-2021-21226

This is a use-after-free vulnerability (CVE-2021-21226) that exists in the navigation component of Google Chrome. If an attacker tricks you into opening a malicious web page, it will trigger the use-after-free error and execute arbitrary code on your system. It can be exploited by a remote and non-authenticated attacker.

Run the Chrome Vulnerability Audit Report

Our security experts have issued a dedicated Google Chrome Audit Report that gives you an overview of all affected devices and their patch status.
