Rewterz Threat Alert – Red Line Malware – Active IOCs
September 1, 2021Rewterz Threat Alert – Gamaredon APT – Active IOCs
September 1, 2021Rewterz Threat Alert – Red Line Malware – Active IOCs
September 1, 2021Rewterz Threat Alert – Gamaredon APT – Active IOCs
September 1, 2021Severity
High
Analysis Summary
CVE-2021-30624
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Autofill. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2021-30623
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Bookmarks. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2021-30622
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in WebApp Installs. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2021-30621
Google Chrome could allow a remote attacker to conduct spoofing attacks, caused by UI Spoofing in Autofill. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to perform spoofing.
CVE-2021-30620
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in Blink. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2021-30619
Google Chrome could allow a remote attacker to conduct spoofing attacks, caused by UI Spoofing in Autofill. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to perform spoofing.
CVE-2021-30618
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in DevTools. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2021-30617
Google Chrome could allow a remote attacker to bypass security restrictions, caused by a policy bypass in Blink. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2021-30616
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Media. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2021-30615
Google Chrome could allow a remote attacker to obtain sensitive information, caused by a cross-origin data leak in Navigation. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2021-30614
Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by TabStrip. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2021-30613
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Base internals. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2021-30612
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in WebRTC. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2021-30611
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in WebRTC. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2021-30610
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Extensions API. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2021-30609
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Sign-In. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2021-30608
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Web Share. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2021-30607
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Permissions. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2021-30606
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Blink. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
Impact
- Unauthorized Access
- Code Execution
- Spoofing
- Security Bypass
- Information Disclosure
- Buffer Overflow
Affected Vendors
Affected Products
Google Chrome 93
Remediation
Upgrade to the latest version of Chrome, available from the Google Chrome Website