| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 10 |
| CVE ID | CVE-2021-21149 CVE-2021-21150 CVE-2021-21151 CVE-2021-21152 CVE-2021-21153 CVE-2021-21154 CVE-2021-21155 CVE-2021-21156 CVE-2021-21157 |
| CWE ID | CWE-121 CWE-416 CWE-122 CWE-119 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Google Chrome Client/Desktop applications / Web browsers |
| Vendor | Google, Inc. |
Risk: High
CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2021-21149
CWE-ID:
CWE-121 - Stack-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in Data Transfer in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.
MitigationUpdate to version 88.0.4324.182.
Vulnerable software versionsGoogle Chrome: 88.0.4324.0, 88.0.4324.1, 88.0.4324.2, 88.0.4324.3, 88.0.4324.4, 88.0.4324.5, 88.0.4324.6, 88.0.4324.7, 88.0.4324.8, 88.0.4324.9, 88.0.4324.10, 88.0.4324.11, 88.0.4324.12, 88.0.4324.13, 88.0.4324.14, 88.0.4324.15, 88.0.4324.16, 88.0.4324.17, 88.0.4324.18, 88.0.4324.19, 88.0.4324.20, 88.0.4324.21, 88.0.4324.22, 88.0.4324.23, 88.0.4324.24, 88.0.4324.25, 88.0.4324.26, 88.0.4324.27, 88.0.4324.28, 88.0.4324.29, 88.0.4324.30, 88.0.4324.31, 88.0.4324.32, 88.0.4324.33, 88.0.4324.34, 88.0.4324.35, 88.0.4324.36, 88.0.4324.37, 88.0.4324.38, 88.0.4324.39, 88.0.4324.40, 88.0.4324.41, 88.0.4324.42, 88.0.4324.43, 88.0.4324.44, 88.0.4324.45, 88.0.4324.46, 88.0.4324.47, 88.0.4324.48, 88.0.4324.49, 88.0.4324.50, 88.0.4324.51, 88.0.4324.52, 88.0.4324.53, 88.0.4324.54, 88.0.4324.55, 88.0.4324.56, 88.0.4324.57, 88.0.4324.58, 88.0.4324.59, 88.0.4324.60, 88.0.4324.61, 88.0.4324.62, 88.0.4324.63, 88.0.4324.64, 88.0.4324.65, 88.0.4324.66, 88.0.4324.67, 88.0.4324.68, 88.0.4324.69, 88.0.4324.70, 88.0.4324.71, 88.0.4324.72, 88.0.4324.73, 88.0.4324.74, 88.0.4324.75, 88.0.4324.76, 88.0.4324.77, 88.0.4324.78, 88.0.4324.79, 88.0.4324.80, 88.0.4324.81, 88.0.4324.82, 88.0.4324.83, 88.0.4324.84, 88.0.4324.85, 88.0.4324.86, 88.0.4324.87, 88.0.4324.88, 88.0.4324.89, 88.0.4324.90, 88.0.4324.91, 88.0.4324.92, 88.0.4324.93, 88.0.4324.94, 88.0.4324.95, 88.0.4324.96, 88.0.4324.97, 88.0.4324.98, 88.0.4324.99, 88.0.4324.100, 88.0.4324.101, 88.0.4324.102, 88.0.4324.104, 88.0.4324.109, 88.0.4324.110, 88.0.4324.111, 88.0.4324.112, 88.0.4324.113, 88.0.4324.114, 88.0.4324.115, 88.0.4324.116, 88.0.4324.118, 88.0.4324.120, 88.0.4324.139, 88.0.4324.140, 88.0.4324.141, 88.0.4324.142, 88.0.4324.143, 88.0.4324.144, 88.0.4324.145, 88.0.4324.146, 88.0.4324.147, 88.0.4324.148, 88.0.4324.149, 88.0.4324.150, 88.0.4324.151, 88.0.4324.152, 88.0.4324.153, 88.0.4324.155, 88.0.4324.162, 88.0.4324.163, 88.0.4324.164, 88.0.4324.175, 88.0.4324.176, 88.0.4324.177, 88.0.4324.178, 88.0.4324.179, 88.0.4324.180, 88.0.4324.181
CPEhttps://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html
https://crbug.com/1138143
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Risk: High
CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2021-21150
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Downloads component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 88.0.4324.182.
Vulnerable software versionsGoogle Chrome: 88.0.4324.0, 88.0.4324.1, 88.0.4324.2, 88.0.4324.3, 88.0.4324.4, 88.0.4324.5, 88.0.4324.6, 88.0.4324.7, 88.0.4324.8, 88.0.4324.9, 88.0.4324.10, 88.0.4324.11, 88.0.4324.12, 88.0.4324.13, 88.0.4324.14, 88.0.4324.15, 88.0.4324.16, 88.0.4324.17, 88.0.4324.18, 88.0.4324.19, 88.0.4324.20, 88.0.4324.21, 88.0.4324.22, 88.0.4324.23, 88.0.4324.24, 88.0.4324.25, 88.0.4324.26, 88.0.4324.27, 88.0.4324.28, 88.0.4324.29, 88.0.4324.30, 88.0.4324.31, 88.0.4324.32, 88.0.4324.33, 88.0.4324.34, 88.0.4324.35, 88.0.4324.36, 88.0.4324.37, 88.0.4324.38, 88.0.4324.39, 88.0.4324.40, 88.0.4324.41, 88.0.4324.42, 88.0.4324.43, 88.0.4324.44, 88.0.4324.45, 88.0.4324.46, 88.0.4324.47, 88.0.4324.48, 88.0.4324.49, 88.0.4324.50, 88.0.4324.51, 88.0.4324.52, 88.0.4324.53, 88.0.4324.54, 88.0.4324.55, 88.0.4324.56, 88.0.4324.57, 88.0.4324.58, 88.0.4324.59, 88.0.4324.60, 88.0.4324.61, 88.0.4324.62, 88.0.4324.63, 88.0.4324.64, 88.0.4324.65, 88.0.4324.66, 88.0.4324.67, 88.0.4324.68, 88.0.4324.69, 88.0.4324.70, 88.0.4324.71, 88.0.4324.72, 88.0.4324.73, 88.0.4324.74, 88.0.4324.75, 88.0.4324.76, 88.0.4324.77, 88.0.4324.78, 88.0.4324.79, 88.0.4324.80, 88.0.4324.81, 88.0.4324.82, 88.0.4324.83, 88.0.4324.84, 88.0.4324.85, 88.0.4324.86, 88.0.4324.87, 88.0.4324.88, 88.0.4324.89, 88.0.4324.90, 88.0.4324.91, 88.0.4324.92, 88.0.4324.93, 88.0.4324.94, 88.0.4324.95, 88.0.4324.96, 88.0.4324.97, 88.0.4324.98, 88.0.4324.99, 88.0.4324.100, 88.0.4324.101, 88.0.4324.102, 88.0.4324.104, 88.0.4324.109, 88.0.4324.110, 88.0.4324.111, 88.0.4324.112, 88.0.4324.113, 88.0.4324.114, 88.0.4324.115, 88.0.4324.116, 88.0.4324.118, 88.0.4324.120, 88.0.4324.139, 88.0.4324.140, 88.0.4324.141, 88.0.4324.142, 88.0.4324.143, 88.0.4324.144, 88.0.4324.145, 88.0.4324.146, 88.0.4324.147, 88.0.4324.148, 88.0.4324.149, 88.0.4324.150, 88.0.4324.151, 88.0.4324.152, 88.0.4324.153, 88.0.4324.155, 88.0.4324.162, 88.0.4324.163, 88.0.4324.164, 88.0.4324.175, 88.0.4324.176, 88.0.4324.177, 88.0.4324.178, 88.0.4324.179, 88.0.4324.180, 88.0.4324.181
CPEhttps://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html
https://crbug.com/1172192
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Risk: High
CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2021-21151
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Payments component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 88.0.4324.182.
Vulnerable software versionsGoogle Chrome: 88.0.4324.0, 88.0.4324.1, 88.0.4324.2, 88.0.4324.3, 88.0.4324.4, 88.0.4324.5, 88.0.4324.6, 88.0.4324.7, 88.0.4324.8, 88.0.4324.9, 88.0.4324.10, 88.0.4324.11, 88.0.4324.12, 88.0.4324.13, 88.0.4324.14, 88.0.4324.15, 88.0.4324.16, 88.0.4324.17, 88.0.4324.18, 88.0.4324.19, 88.0.4324.20, 88.0.4324.21, 88.0.4324.22, 88.0.4324.23, 88.0.4324.24, 88.0.4324.25, 88.0.4324.26, 88.0.4324.27, 88.0.4324.28, 88.0.4324.29, 88.0.4324.30, 88.0.4324.31, 88.0.4324.32, 88.0.4324.33, 88.0.4324.34, 88.0.4324.35, 88.0.4324.36, 88.0.4324.37, 88.0.4324.38, 88.0.4324.39, 88.0.4324.40, 88.0.4324.41, 88.0.4324.42, 88.0.4324.43, 88.0.4324.44, 88.0.4324.45, 88.0.4324.46, 88.0.4324.47, 88.0.4324.48, 88.0.4324.49, 88.0.4324.50, 88.0.4324.51, 88.0.4324.52, 88.0.4324.53, 88.0.4324.54, 88.0.4324.55, 88.0.4324.56, 88.0.4324.57, 88.0.4324.58, 88.0.4324.59, 88.0.4324.60, 88.0.4324.61, 88.0.4324.62, 88.0.4324.63, 88.0.4324.64, 88.0.4324.65, 88.0.4324.66, 88.0.4324.67, 88.0.4324.68, 88.0.4324.69, 88.0.4324.70, 88.0.4324.71, 88.0.4324.72, 88.0.4324.73, 88.0.4324.74, 88.0.4324.75, 88.0.4324.76, 88.0.4324.77, 88.0.4324.78, 88.0.4324.79, 88.0.4324.80, 88.0.4324.81, 88.0.4324.82, 88.0.4324.83, 88.0.4324.84, 88.0.4324.85, 88.0.4324.86, 88.0.4324.87, 88.0.4324.88, 88.0.4324.89, 88.0.4324.90, 88.0.4324.91, 88.0.4324.92, 88.0.4324.93, 88.0.4324.94, 88.0.4324.95, 88.0.4324.96, 88.0.4324.97, 88.0.4324.98, 88.0.4324.99, 88.0.4324.100, 88.0.4324.101, 88.0.4324.102, 88.0.4324.104, 88.0.4324.109, 88.0.4324.110, 88.0.4324.111, 88.0.4324.112, 88.0.4324.113, 88.0.4324.114, 88.0.4324.115, 88.0.4324.116, 88.0.4324.118, 88.0.4324.120, 88.0.4324.139, 88.0.4324.140, 88.0.4324.141, 88.0.4324.142, 88.0.4324.143, 88.0.4324.144, 88.0.4324.145, 88.0.4324.146, 88.0.4324.147, 88.0.4324.148, 88.0.4324.149, 88.0.4324.150, 88.0.4324.151, 88.0.4324.152, 88.0.4324.153, 88.0.4324.155, 88.0.4324.162, 88.0.4324.163, 88.0.4324.164, 88.0.4324.175, 88.0.4324.176, 88.0.4324.177, 88.0.4324.178, 88.0.4324.179, 88.0.4324.180, 88.0.4324.181
CPEhttps://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html
https://crbug.com/1165624
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Risk: High
CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2021-21152
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Media. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate to version 88.0.4324.182.
Vulnerable software versionsGoogle Chrome: 88.0.4324.0, 88.0.4324.1, 88.0.4324.2, 88.0.4324.3, 88.0.4324.4, 88.0.4324.5, 88.0.4324.6, 88.0.4324.7, 88.0.4324.8, 88.0.4324.9, 88.0.4324.10, 88.0.4324.11, 88.0.4324.12, 88.0.4324.13, 88.0.4324.14, 88.0.4324.15, 88.0.4324.16, 88.0.4324.17, 88.0.4324.18, 88.0.4324.19, 88.0.4324.20, 88.0.4324.21, 88.0.4324.22, 88.0.4324.23, 88.0.4324.24, 88.0.4324.25, 88.0.4324.26, 88.0.4324.27, 88.0.4324.28, 88.0.4324.29, 88.0.4324.30, 88.0.4324.31, 88.0.4324.32, 88.0.4324.33, 88.0.4324.34, 88.0.4324.35, 88.0.4324.36, 88.0.4324.37, 88.0.4324.38, 88.0.4324.39, 88.0.4324.40, 88.0.4324.41, 88.0.4324.42, 88.0.4324.43, 88.0.4324.44, 88.0.4324.45, 88.0.4324.46, 88.0.4324.47, 88.0.4324.48, 88.0.4324.49, 88.0.4324.50, 88.0.4324.51, 88.0.4324.52, 88.0.4324.53, 88.0.4324.54, 88.0.4324.55, 88.0.4324.56, 88.0.4324.57, 88.0.4324.58, 88.0.4324.59, 88.0.4324.60, 88.0.4324.61, 88.0.4324.62, 88.0.4324.63, 88.0.4324.64, 88.0.4324.65, 88.0.4324.66, 88.0.4324.67, 88.0.4324.68, 88.0.4324.69, 88.0.4324.70, 88.0.4324.71, 88.0.4324.72, 88.0.4324.73, 88.0.4324.74, 88.0.4324.75, 88.0.4324.76, 88.0.4324.77, 88.0.4324.78, 88.0.4324.79, 88.0.4324.80, 88.0.4324.81, 88.0.4324.82, 88.0.4324.83, 88.0.4324.84, 88.0.4324.85, 88.0.4324.86, 88.0.4324.87, 88.0.4324.88, 88.0.4324.89, 88.0.4324.90, 88.0.4324.91, 88.0.4324.92, 88.0.4324.93, 88.0.4324.94, 88.0.4324.95, 88.0.4324.96, 88.0.4324.97, 88.0.4324.98, 88.0.4324.99, 88.0.4324.100, 88.0.4324.101, 88.0.4324.102, 88.0.4324.104, 88.0.4324.109, 88.0.4324.110, 88.0.4324.111, 88.0.4324.112, 88.0.4324.113, 88.0.4324.114, 88.0.4324.115, 88.0.4324.116, 88.0.4324.118, 88.0.4324.120, 88.0.4324.139, 88.0.4324.140, 88.0.4324.141, 88.0.4324.142, 88.0.4324.143, 88.0.4324.144, 88.0.4324.145, 88.0.4324.146, 88.0.4324.147, 88.0.4324.148, 88.0.4324.149, 88.0.4324.150, 88.0.4324.151, 88.0.4324.152, 88.0.4324.153, 88.0.4324.155, 88.0.4324.162, 88.0.4324.163, 88.0.4324.164, 88.0.4324.175, 88.0.4324.176, 88.0.4324.177, 88.0.4324.178, 88.0.4324.179, 88.0.4324.180, 88.0.4324.181
CPEhttps://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html
https://crbug.com/1166504
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Risk: High
CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2021-21153
CWE-ID:
CWE-121 - Stack-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in GPU Process in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.
MitigationUpdate to version 88.0.4324.182.
Vulnerable software versionsGoogle Chrome: 88.0.4324.0, 88.0.4324.1, 88.0.4324.2, 88.0.4324.3, 88.0.4324.4, 88.0.4324.5, 88.0.4324.6, 88.0.4324.7, 88.0.4324.8, 88.0.4324.9, 88.0.4324.10, 88.0.4324.11, 88.0.4324.12, 88.0.4324.13, 88.0.4324.14, 88.0.4324.15, 88.0.4324.16, 88.0.4324.17, 88.0.4324.18, 88.0.4324.19, 88.0.4324.20, 88.0.4324.21, 88.0.4324.22, 88.0.4324.23, 88.0.4324.24, 88.0.4324.25, 88.0.4324.26, 88.0.4324.27, 88.0.4324.28, 88.0.4324.29, 88.0.4324.30, 88.0.4324.31, 88.0.4324.32, 88.0.4324.33, 88.0.4324.34, 88.0.4324.35, 88.0.4324.36, 88.0.4324.37, 88.0.4324.38, 88.0.4324.39, 88.0.4324.40, 88.0.4324.41, 88.0.4324.42, 88.0.4324.43, 88.0.4324.44, 88.0.4324.45, 88.0.4324.46, 88.0.4324.47, 88.0.4324.48, 88.0.4324.49, 88.0.4324.50, 88.0.4324.51, 88.0.4324.52, 88.0.4324.53, 88.0.4324.54, 88.0.4324.55, 88.0.4324.56, 88.0.4324.57, 88.0.4324.58, 88.0.4324.59, 88.0.4324.60, 88.0.4324.61, 88.0.4324.62, 88.0.4324.63, 88.0.4324.64, 88.0.4324.65, 88.0.4324.66, 88.0.4324.67, 88.0.4324.68, 88.0.4324.69, 88.0.4324.70, 88.0.4324.71, 88.0.4324.72, 88.0.4324.73, 88.0.4324.74, 88.0.4324.75, 88.0.4324.76, 88.0.4324.77, 88.0.4324.78, 88.0.4324.79, 88.0.4324.80, 88.0.4324.81, 88.0.4324.82, 88.0.4324.83, 88.0.4324.84, 88.0.4324.85, 88.0.4324.86, 88.0.4324.87, 88.0.4324.88, 88.0.4324.89, 88.0.4324.90, 88.0.4324.91, 88.0.4324.92, 88.0.4324.93, 88.0.4324.94, 88.0.4324.95, 88.0.4324.96, 88.0.4324.97, 88.0.4324.98, 88.0.4324.99, 88.0.4324.100, 88.0.4324.101, 88.0.4324.102, 88.0.4324.104, 88.0.4324.109, 88.0.4324.110, 88.0.4324.111, 88.0.4324.112, 88.0.4324.113, 88.0.4324.114, 88.0.4324.115, 88.0.4324.116, 88.0.4324.118, 88.0.4324.120, 88.0.4324.139, 88.0.4324.140, 88.0.4324.141, 88.0.4324.142, 88.0.4324.143, 88.0.4324.144, 88.0.4324.145, 88.0.4324.146, 88.0.4324.147, 88.0.4324.148, 88.0.4324.149, 88.0.4324.150, 88.0.4324.151, 88.0.4324.152, 88.0.4324.153, 88.0.4324.155, 88.0.4324.162, 88.0.4324.163, 88.0.4324.164, 88.0.4324.175, 88.0.4324.176, 88.0.4324.177, 88.0.4324.178, 88.0.4324.179, 88.0.4324.180, 88.0.4324.181
CPEhttps://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html
https://crbug.com/1155974
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Risk: High
CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2021-21154
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Tab Strip . A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate to version 88.0.4324.182.
Vulnerable software versionsGoogle Chrome: 88.0.4324.0, 88.0.4324.1, 88.0.4324.2, 88.0.4324.3, 88.0.4324.4, 88.0.4324.5, 88.0.4324.6, 88.0.4324.7, 88.0.4324.8, 88.0.4324.9, 88.0.4324.10, 88.0.4324.11, 88.0.4324.12, 88.0.4324.13, 88.0.4324.14, 88.0.4324.15, 88.0.4324.16, 88.0.4324.17, 88.0.4324.18, 88.0.4324.19, 88.0.4324.20, 88.0.4324.21, 88.0.4324.22, 88.0.4324.23, 88.0.4324.24, 88.0.4324.25, 88.0.4324.26, 88.0.4324.27, 88.0.4324.28, 88.0.4324.29, 88.0.4324.30, 88.0.4324.31, 88.0.4324.32, 88.0.4324.33, 88.0.4324.34, 88.0.4324.35, 88.0.4324.36, 88.0.4324.37, 88.0.4324.38, 88.0.4324.39, 88.0.4324.40, 88.0.4324.41, 88.0.4324.42, 88.0.4324.43, 88.0.4324.44, 88.0.4324.45, 88.0.4324.46, 88.0.4324.47, 88.0.4324.48, 88.0.4324.49, 88.0.4324.50, 88.0.4324.51, 88.0.4324.52, 88.0.4324.53, 88.0.4324.54, 88.0.4324.55, 88.0.4324.56, 88.0.4324.57, 88.0.4324.58, 88.0.4324.59, 88.0.4324.60, 88.0.4324.61, 88.0.4324.62, 88.0.4324.63, 88.0.4324.64, 88.0.4324.65, 88.0.4324.66, 88.0.4324.67, 88.0.4324.68, 88.0.4324.69, 88.0.4324.70, 88.0.4324.71, 88.0.4324.72, 88.0.4324.73, 88.0.4324.74, 88.0.4324.75, 88.0.4324.76, 88.0.4324.77, 88.0.4324.78, 88.0.4324.79, 88.0.4324.80, 88.0.4324.81, 88.0.4324.82, 88.0.4324.83, 88.0.4324.84, 88.0.4324.85, 88.0.4324.86, 88.0.4324.87, 88.0.4324.88, 88.0.4324.89, 88.0.4324.90, 88.0.4324.91, 88.0.4324.92, 88.0.4324.93, 88.0.4324.94, 88.0.4324.95, 88.0.4324.96, 88.0.4324.97, 88.0.4324.98, 88.0.4324.99, 88.0.4324.100, 88.0.4324.101, 88.0.4324.102, 88.0.4324.104, 88.0.4324.109, 88.0.4324.110, 88.0.4324.111, 88.0.4324.112, 88.0.4324.113, 88.0.4324.114, 88.0.4324.115, 88.0.4324.116, 88.0.4324.118, 88.0.4324.120, 88.0.4324.139, 88.0.4324.140, 88.0.4324.141, 88.0.4324.142, 88.0.4324.143, 88.0.4324.144, 88.0.4324.145, 88.0.4324.146, 88.0.4324.147, 88.0.4324.148, 88.0.4324.149, 88.0.4324.150, 88.0.4324.151, 88.0.4324.152, 88.0.4324.153, 88.0.4324.155, 88.0.4324.162, 88.0.4324.163, 88.0.4324.164, 88.0.4324.175, 88.0.4324.176, 88.0.4324.177, 88.0.4324.178, 88.0.4324.179, 88.0.4324.180, 88.0.4324.181
CPEhttps://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html
https://crbug.com/1173269
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Risk: High
CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2021-21155
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Tab Strip . A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate to version 88.0.4324.182.
Vulnerable software versionsGoogle Chrome: 88.0.4324.0, 88.0.4324.1, 88.0.4324.2, 88.0.4324.3, 88.0.4324.4, 88.0.4324.5, 88.0.4324.6, 88.0.4324.7, 88.0.4324.8, 88.0.4324.9, 88.0.4324.10, 88.0.4324.11, 88.0.4324.12, 88.0.4324.13, 88.0.4324.14, 88.0.4324.15, 88.0.4324.16, 88.0.4324.17, 88.0.4324.18, 88.0.4324.19, 88.0.4324.20, 88.0.4324.21, 88.0.4324.22, 88.0.4324.23, 88.0.4324.24, 88.0.4324.25, 88.0.4324.26, 88.0.4324.27, 88.0.4324.28, 88.0.4324.29, 88.0.4324.30, 88.0.4324.31, 88.0.4324.32, 88.0.4324.33, 88.0.4324.34, 88.0.4324.35, 88.0.4324.36, 88.0.4324.37, 88.0.4324.38, 88.0.4324.39, 88.0.4324.40, 88.0.4324.41, 88.0.4324.42, 88.0.4324.43, 88.0.4324.44, 88.0.4324.45, 88.0.4324.46, 88.0.4324.47, 88.0.4324.48, 88.0.4324.49, 88.0.4324.50, 88.0.4324.51, 88.0.4324.52, 88.0.4324.53, 88.0.4324.54, 88.0.4324.55, 88.0.4324.56, 88.0.4324.57, 88.0.4324.58, 88.0.4324.59, 88.0.4324.60, 88.0.4324.61, 88.0.4324.62, 88.0.4324.63, 88.0.4324.64, 88.0.4324.65, 88.0.4324.66, 88.0.4324.67, 88.0.4324.68, 88.0.4324.69, 88.0.4324.70, 88.0.4324.71, 88.0.4324.72, 88.0.4324.73, 88.0.4324.74, 88.0.4324.75, 88.0.4324.76, 88.0.4324.77, 88.0.4324.78, 88.0.4324.79, 88.0.4324.80, 88.0.4324.81, 88.0.4324.82, 88.0.4324.83, 88.0.4324.84, 88.0.4324.85, 88.0.4324.86, 88.0.4324.87, 88.0.4324.88, 88.0.4324.89, 88.0.4324.90, 88.0.4324.91, 88.0.4324.92, 88.0.4324.93, 88.0.4324.94, 88.0.4324.95, 88.0.4324.96, 88.0.4324.97, 88.0.4324.98, 88.0.4324.99, 88.0.4324.100, 88.0.4324.101, 88.0.4324.102, 88.0.4324.104, 88.0.4324.109, 88.0.4324.110, 88.0.4324.111, 88.0.4324.112, 88.0.4324.113, 88.0.4324.114, 88.0.4324.115, 88.0.4324.116, 88.0.4324.118, 88.0.4324.120, 88.0.4324.139, 88.0.4324.140, 88.0.4324.141, 88.0.4324.142, 88.0.4324.143, 88.0.4324.144, 88.0.4324.145, 88.0.4324.146, 88.0.4324.147, 88.0.4324.148, 88.0.4324.149, 88.0.4324.150, 88.0.4324.151, 88.0.4324.152, 88.0.4324.153, 88.0.4324.155, 88.0.4324.162, 88.0.4324.163, 88.0.4324.164, 88.0.4324.175, 88.0.4324.176, 88.0.4324.177, 88.0.4324.178, 88.0.4324.179, 88.0.4324.180, 88.0.4324.181
CPEhttps://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html
https://crbug.com/1175500
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Risk: High
CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2021-21156
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in V8. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate to version 88.0.4324.182.
Vulnerable software versionsGoogle Chrome: 88.0.4324.0, 88.0.4324.1, 88.0.4324.2, 88.0.4324.3, 88.0.4324.4, 88.0.4324.5, 88.0.4324.6, 88.0.4324.7, 88.0.4324.8, 88.0.4324.9, 88.0.4324.10, 88.0.4324.11, 88.0.4324.12, 88.0.4324.13, 88.0.4324.14, 88.0.4324.15, 88.0.4324.16, 88.0.4324.17, 88.0.4324.18, 88.0.4324.19, 88.0.4324.20, 88.0.4324.21, 88.0.4324.22, 88.0.4324.23, 88.0.4324.24, 88.0.4324.25, 88.0.4324.26, 88.0.4324.27, 88.0.4324.28, 88.0.4324.29, 88.0.4324.30, 88.0.4324.31, 88.0.4324.32, 88.0.4324.33, 88.0.4324.34, 88.0.4324.35, 88.0.4324.36, 88.0.4324.37, 88.0.4324.38, 88.0.4324.39, 88.0.4324.40, 88.0.4324.41, 88.0.4324.42, 88.0.4324.43, 88.0.4324.44, 88.0.4324.45, 88.0.4324.46, 88.0.4324.47, 88.0.4324.48, 88.0.4324.49, 88.0.4324.50, 88.0.4324.51, 88.0.4324.52, 88.0.4324.53, 88.0.4324.54, 88.0.4324.55, 88.0.4324.56, 88.0.4324.57, 88.0.4324.58, 88.0.4324.59, 88.0.4324.60, 88.0.4324.61, 88.0.4324.62, 88.0.4324.63, 88.0.4324.64, 88.0.4324.65, 88.0.4324.66, 88.0.4324.67, 88.0.4324.68, 88.0.4324.69, 88.0.4324.70, 88.0.4324.71, 88.0.4324.72, 88.0.4324.73, 88.0.4324.74, 88.0.4324.75, 88.0.4324.76, 88.0.4324.77, 88.0.4324.78, 88.0.4324.79, 88.0.4324.80, 88.0.4324.81, 88.0.4324.82, 88.0.4324.83, 88.0.4324.84, 88.0.4324.85, 88.0.4324.86, 88.0.4324.87, 88.0.4324.88, 88.0.4324.89, 88.0.4324.90, 88.0.4324.91, 88.0.4324.92, 88.0.4324.93, 88.0.4324.94, 88.0.4324.95, 88.0.4324.96, 88.0.4324.97, 88.0.4324.98, 88.0.4324.99, 88.0.4324.100, 88.0.4324.101, 88.0.4324.102, 88.0.4324.104, 88.0.4324.109, 88.0.4324.110, 88.0.4324.111, 88.0.4324.112, 88.0.4324.113, 88.0.4324.114, 88.0.4324.115, 88.0.4324.116, 88.0.4324.118, 88.0.4324.120, 88.0.4324.139, 88.0.4324.140, 88.0.4324.141, 88.0.4324.142, 88.0.4324.143, 88.0.4324.144, 88.0.4324.145, 88.0.4324.146, 88.0.4324.147, 88.0.4324.148, 88.0.4324.149, 88.0.4324.150, 88.0.4324.151, 88.0.4324.152, 88.0.4324.153, 88.0.4324.155, 88.0.4324.162, 88.0.4324.163, 88.0.4324.164, 88.0.4324.175, 88.0.4324.176, 88.0.4324.177, 88.0.4324.178, 88.0.4324.179, 88.0.4324.180, 88.0.4324.181
CPEhttps://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html
https://crbug.com/1177341
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Risk: Medium
CVSSv3: 5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2021-21157
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Web Sockets in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate to version 88.0.4324.182.
Vulnerable software versionsGoogle Chrome: 88.0.4324.0, 88.0.4324.1, 88.0.4324.2, 88.0.4324.3, 88.0.4324.4, 88.0.4324.5, 88.0.4324.6, 88.0.4324.7, 88.0.4324.8, 88.0.4324.9, 88.0.4324.10, 88.0.4324.11, 88.0.4324.12, 88.0.4324.13, 88.0.4324.14, 88.0.4324.15, 88.0.4324.16, 88.0.4324.17, 88.0.4324.18, 88.0.4324.19, 88.0.4324.20, 88.0.4324.21, 88.0.4324.22, 88.0.4324.23, 88.0.4324.24, 88.0.4324.25, 88.0.4324.26, 88.0.4324.27, 88.0.4324.28, 88.0.4324.29, 88.0.4324.30, 88.0.4324.31, 88.0.4324.32, 88.0.4324.33, 88.0.4324.34, 88.0.4324.35, 88.0.4324.36, 88.0.4324.37, 88.0.4324.38, 88.0.4324.39, 88.0.4324.40, 88.0.4324.41, 88.0.4324.42, 88.0.4324.43, 88.0.4324.44, 88.0.4324.45, 88.0.4324.46, 88.0.4324.47, 88.0.4324.48, 88.0.4324.49, 88.0.4324.50, 88.0.4324.51, 88.0.4324.52, 88.0.4324.53, 88.0.4324.54, 88.0.4324.55, 88.0.4324.56, 88.0.4324.57, 88.0.4324.58, 88.0.4324.59, 88.0.4324.60, 88.0.4324.61, 88.0.4324.62, 88.0.4324.63, 88.0.4324.64, 88.0.4324.65, 88.0.4324.66, 88.0.4324.67, 88.0.4324.68, 88.0.4324.69, 88.0.4324.70, 88.0.4324.71, 88.0.4324.72, 88.0.4324.73, 88.0.4324.74, 88.0.4324.75, 88.0.4324.76, 88.0.4324.77, 88.0.4324.78, 88.0.4324.79, 88.0.4324.80, 88.0.4324.81, 88.0.4324.82, 88.0.4324.83, 88.0.4324.84, 88.0.4324.85, 88.0.4324.86, 88.0.4324.87, 88.0.4324.88, 88.0.4324.89, 88.0.4324.90, 88.0.4324.91, 88.0.4324.92, 88.0.4324.93, 88.0.4324.94, 88.0.4324.95, 88.0.4324.96, 88.0.4324.97, 88.0.4324.98, 88.0.4324.99, 88.0.4324.100, 88.0.4324.101, 88.0.4324.102, 88.0.4324.104, 88.0.4324.109, 88.0.4324.110, 88.0.4324.111, 88.0.4324.112, 88.0.4324.113, 88.0.4324.114, 88.0.4324.115, 88.0.4324.116, 88.0.4324.118, 88.0.4324.120, 88.0.4324.139, 88.0.4324.140, 88.0.4324.141, 88.0.4324.142, 88.0.4324.143, 88.0.4324.144, 88.0.4324.145, 88.0.4324.146, 88.0.4324.147, 88.0.4324.148, 88.0.4324.149, 88.0.4324.150, 88.0.4324.151, 88.0.4324.152, 88.0.4324.153, 88.0.4324.155, 88.0.4324.162, 88.0.4324.163, 88.0.4324.164, 88.0.4324.175, 88.0.4324.176, 88.0.4324.177, 88.0.4324.178, 88.0.4324.179, 88.0.4324.180, 88.0.4324.181
CPEhttps://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html
https://crbug.com/1170657
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Risk: High
CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: N/A
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 88.0.4324.0, 88.0.4324.1, 88.0.4324.2, 88.0.4324.3, 88.0.4324.4, 88.0.4324.5, 88.0.4324.6, 88.0.4324.7, 88.0.4324.8, 88.0.4324.9, 88.0.4324.10, 88.0.4324.11, 88.0.4324.12, 88.0.4324.13, 88.0.4324.14, 88.0.4324.15, 88.0.4324.16, 88.0.4324.17, 88.0.4324.18, 88.0.4324.19, 88.0.4324.20, 88.0.4324.21, 88.0.4324.22, 88.0.4324.23, 88.0.4324.24, 88.0.4324.25, 88.0.4324.26, 88.0.4324.27, 88.0.4324.28, 88.0.4324.29, 88.0.4324.30, 88.0.4324.31, 88.0.4324.32, 88.0.4324.33, 88.0.4324.34, 88.0.4324.35, 88.0.4324.36, 88.0.4324.37, 88.0.4324.38, 88.0.4324.39, 88.0.4324.40, 88.0.4324.41, 88.0.4324.42, 88.0.4324.43, 88.0.4324.44, 88.0.4324.45, 88.0.4324.46, 88.0.4324.47, 88.0.4324.48, 88.0.4324.49, 88.0.4324.50, 88.0.4324.51, 88.0.4324.52, 88.0.4324.53, 88.0.4324.54, 88.0.4324.55, 88.0.4324.56, 88.0.4324.57, 88.0.4324.58, 88.0.4324.59, 88.0.4324.60, 88.0.4324.61, 88.0.4324.62, 88.0.4324.63, 88.0.4324.64, 88.0.4324.65, 88.0.4324.66, 88.0.4324.67, 88.0.4324.68, 88.0.4324.69, 88.0.4324.70, 88.0.4324.71, 88.0.4324.72, 88.0.4324.73, 88.0.4324.74, 88.0.4324.75, 88.0.4324.76, 88.0.4324.77, 88.0.4324.78, 88.0.4324.79, 88.0.4324.80, 88.0.4324.81, 88.0.4324.82, 88.0.4324.83, 88.0.4324.84, 88.0.4324.85, 88.0.4324.86, 88.0.4324.87, 88.0.4324.88, 88.0.4324.89, 88.0.4324.90, 88.0.4324.91, 88.0.4324.92, 88.0.4324.93, 88.0.4324.94, 88.0.4324.95, 88.0.4324.96, 88.0.4324.97, 88.0.4324.98, 88.0.4324.99, 88.0.4324.100, 88.0.4324.101, 88.0.4324.102, 88.0.4324.104, 88.0.4324.109, 88.0.4324.110, 88.0.4324.111, 88.0.4324.112, 88.0.4324.113, 88.0.4324.114, 88.0.4324.115, 88.0.4324.116, 88.0.4324.118, 88.0.4324.120, 88.0.4324.139, 88.0.4324.140, 88.0.4324.141, 88.0.4324.142, 88.0.4324.143, 88.0.4324.144, 88.0.4324.145, 88.0.4324.146, 88.0.4324.147, 88.0.4324.148, 88.0.4324.149, 88.0.4324.150, 88.0.4324.151, 88.0.4324.152, 88.0.4324.153, 88.0.4324.155, 88.0.4324.162, 88.0.4324.163, 88.0.4324.164, 88.0.4324.175, 88.0.4324.176, 88.0.4324.177, 88.0.4324.178, 88.0.4324.179, 88.0.4324.180, 88.0.4324.181
CPEhttps://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html
https://crbug.com/1178973
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.