Rewterz Threat Advisory – Multiple Apache Vulnerabilities
April 28, 2021Rewterz Threat Alert – Trickbot Malware- Active IOCs
April 28, 2021Rewterz Threat Advisory – Multiple Apache Vulnerabilities
April 28, 2021Rewterz Threat Alert – Trickbot Malware- Active IOCs
April 28, 2021Severity
Medium
Analysis Summary
CVE-2021-21233
The Google Chrome vulnerability allows a remote attacker to overflow a buffer and execute arbitrary codes on the system. The heap-based buffer overflow is caused by improper bounds checking by ANGLE. The vulnerability could also cause the application to crash.
CVE-2021-21232
The Google Chrome vulnerability allows a remote attacker to execute arbitrary code on the system. The exploit is caused by a use-after-free in Dev Tools. A remote attacker could exploit this vulnerability by persuading the victim to visit a specially crafted website that will execute the arbitrary code or cause denial of service conditions.
CVE-2021-21231; CVE-2021-21227
The Google Chrome vulnerability allows a remote attacker to bypass security restrictions. The exploit is caused by insufficient data validation in V8. A remote attacker could exploit this vulnerability by persuading the victim to visit a specially crafted website that will bypass security restrictions.
CVE-2021-21230
The Google Chrome vulnerability allows a remote attacker to execute arbitrary code on the system. The exploit is caused by a type confusion in V8. A remote attacker could exploit this vulnerability by persuading the victim to visit a specially crafted website that will execute the arbitrary code.
CVE-2021-21229
The Google Chrome vulnerability allows a remote attacker to bypass security restrictions. The exploit is caused by incorrect security UI in downloads. A remote attacker could exploit this vulnerability by persuading the victim to visit a specially crafted website that will bypass security restrictions.
CVE-2021-21228
The Google Chrome vulnerability allows a remote attacker to bypass security restrictions. The exploit is caused by insufficient policy enforcement in extensions. A remote attacker could exploit this vulnerability by persuading the victim to visit a specially crafted website that will bypass security restrictions.
Impact
- Denial of Service
- Remote Code Execution
- Security Bypass
Affected Vendors
Affected Products
Google Chrome 90
Remediation
Install the latest patches and upgrade to Google Chrome 90.0.4430.93 or later from https://chromereleases.googleblog.com/