Rewterz Threat Advisory – Multiple Google Chrome Security Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2021-30539

Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in content security policy. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2021-30538

Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in content security policy. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2021-30537

Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in cookies. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2021-30536

Google Chrome could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in V8. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information.

CVE-2021-30534

Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in iFrameSandbox. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

Impact

• Bypass Security
• Information disclosure

Affected Vendors

Google

Affected Products

Google Chrome 91

Remediation

Upgrade to the latest version of Chome (91.0.4472.77 or later).