Rewterz Threat Advisory – CVE-2021-31811; CVE-2021-31812 – Apache PDFBox Denial of Service Vulnerabilities
June 15, 2021
Rewterz Threat Update – Multiple IBM Security Vulnerabilities; Fixes and Patches
June 15, 2021
Severity
High
Analysis Summary
Google ChromeOS could allow a local attacker to execute arbitrary code on the system, caused by a missing path restriction flaw in the arc-obb-mounter function. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of the “mount-obb” helper. A proof of concept demonstrating that the bug is exploitable exists.
Impact
- Remote Code Execution
- Gain Access
Affected Vendors
- Google
Affected Products
- Google Chrome OS 90.0
Remediation
Upgrade to the latest version of Chrome OS (90.0.4430.86 or later), available from the Google Chrome Website.