Rewterz Threat Advisory – Multiple Apple iOS and iPadOS Vulnerabilities
December 14, 2021Rewterz Threat Alert – Donot APT Group – Active IOCs
December 14, 2021Severity
High
Analysis Summary
CVE-2021-4102
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in V8. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2021-4101
Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by Swiftshader. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2021-4100
Google Chrome could allow a remote attacker to bypass security restrictions, caused by Object lifecycle issue in ANGLE. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2021-4099
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Swiftshader. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2021-4098
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an insufficient data validation in Mojo. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service or to execute arbitrary code on the system.
Impact
- Security Bypass
- Code Execution
- Buffer Overflow
Affected Vendors
Affected Products
- Google Chrome 96
Remediation
Upgrade to the latest version of Chrome, available from the Google Chrome Web site.