Rewterz Threat Advisory – Multiple Apache Vulnerabilities
September 22, 2021Rewterz Threat Alert – RedLine Malware – Active IOCs
September 22, 2021Rewterz Threat Advisory – Multiple Apache Vulnerabilities
September 22, 2021Rewterz Threat Alert – RedLine Malware – Active IOCs
September 22, 2021Severity
High
Analysis Summary
CVE-2021-37972
Google Chrome could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in libjpeg-turbo. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2021-37971
Google Chrome could allow a remote attacker to bypass security restrictions, caused by incorrect security UI in Web Browser UI. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2021-37970
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in File System API. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2021-37969
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Google Updater. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2021-37968
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Background Fetch API. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2021-37967
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Background Fetch API. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2021-37966
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Compositing. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2021-37965
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Background Fetch API. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2021-37964
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in ChromeOS Networking. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2021-37963
Google Chrome could allow a remote attacker to obtain sensitive information, caused by a side-channel information leakage in DevTools. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2021-37962
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Performance Manager. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2021-37961
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Tab Strip. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2021-37960
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Blink graphics. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2021-37959
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Task Manager. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2021-37957
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in WebGPU. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2021-37958
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Navigation. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2021-37956
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Offline use. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
Impact
- Information Disclosure
- Security Bypass
- Code Execution
Affected Vendors
Affected Products
- Google Chrome 94
Remediation
Upgrade to the latest version of Chrome, available from the Google Chrome Web site.