Risk | Critical |
Patch available | YES |
Number of vulnerabilities | 10 |
CVE-ID | CVE-2021-30544, CVE-2021-30545, CVE-2021-30546, CVE-2021-30547, CVE-2021-30548, CVE-2021-30549, CVE-2021-30550, CVE-2021-30551, CVE-2021-30552, CVE-2021-30553 |
CWE-ID | CWE-416, CWE-787, CWE-843 |
Exploitation vector | Network |
Public exploit | Vulnerability #8 is being exploited in the wild. |
Vulnerable software | Google Chrome (Client/Desktop applications / Web browsers) |
Vendor |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
EUVDB-ID: #VU53999
Risk: High
CVSSv3.1:
CVE-ID: CVE-2021-30544
CWE-ID:
Exploit availability:
Description:
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the BFCache component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Google Chrome: 87.0.4280.66 - 91.0.4472.77
Fixed software versions:
CPE2.3:
External links:
http://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html
EUVDB-ID: #VU54000
Risk: High
CVSSv3.1:
CVE-ID: CVE-2021-30545
CWE-ID:
Exploit availability:
Description:
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the Extensions component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Google Chrome: 87.0.4280.66 - 91.0.4472.77
Fixed software versions:
CPE2.3:
External links:
http://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html
EUVDB-ID: #VU54001
Risk: High
CVSSv3.1:
CVE-ID: CVE-2021-30546
CWE-ID:
Exploit availability:
Description:
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the Autofill component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Google Chrome: 87.0.4280.66 - 91.0.4472.77
Fixed software versions:
CPE2.3:
External links:
http://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html
EUVDB-ID: #VU54002
Risk: High
CVSSv3.1:
CVE-ID: CVE-2021-30547
CWE-ID:
Exploit availability:
Description:
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in ANGLE. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger an out-of-bounds write and execute arbitrary code on the target system.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Google Chrome: 87.0.4280.66 - 91.0.4472.77
Fixed software versions:
CPE2.3:
External links:
http://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html
EUVDB-ID: #VU54003
Risk: High
CVSSv3.1:
CVE-ID: CVE-2021-30548
CWE-ID:
Exploit availability:
Description:
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the Loader component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Google Chrome: 87.0.4280.66 - 91.0.4472.77
Fixed software versions:
CPE2.3:
External links:
http://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html
EUVDB-ID: #VU54004
Risk: High
CVSSv3.1:
CVE-ID: CVE-2021-30549
CWE-ID:
Exploit availability:
Description:
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the Spell check component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Google Chrome: 87.0.4280.66 - 91.0.4472.77
Fixed software versions:
CPE2.3:
External links:
http://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html
EUVDB-ID: #VU54005
Risk: High
CVSSv3.1:
CVE-ID: CVE-2021-30550
CWE-ID:
Exploit availability:
Description:
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the Accessibility component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Google Chrome: 87.0.4280.66 - 91.0.4472.77
Fixed software versions:
CPE2.3:
External links:
http://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html
EUVDB-ID: #VU54006
Risk: Critical
CVSSv3.1:
CVE-ID: CVE-2021-30551
CWE-ID:
Exploit availability:
Description:
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note: the vulnerability is being actively exploited in the wild.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Google Chrome: 87.0.4280.66 - 91.0.4472.77
Fixed software versions:
CPE2.3:
External links:
http://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html
EUVDB-ID: #VU54007
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-30552
CWE-ID:
Exploit availability:
Description:
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within Extensions in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Google Chrome: 87.0.4280.66 - 91.0.4472.77
Fixed software versions:
CPE2.3:
External links:
http://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html
EUVDB-ID: #VU54008
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-30553
CWE-ID:
Exploit availability:
Description:
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error within the Network service in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Google Chrome: 87.0.4280.66 - 91.0.4472.77
Fixed software versions:
CPE2.3:
External links:
http://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html