Severity
Medium
Analysis Summary
CVE-2021-38009
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in cache. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2021-38007
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion in V8. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service or to execute arbitrary code on the system.
CVE-2021-38006
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error in storage foundation. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service or to execute arbitrary code on the system.
CVE-2021-38005
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error in loader. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service or to execute arbitrary code on the system.
CVE-2021-38010
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in service workers. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2021-38011
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error in storage foundation. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service or to execute arbitrary code on the system.
CVE-2021-38012
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion in V8. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service or to execute arbitrary code on the system.
CVE-2021-38013
Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by fingerprint recognition. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2021-38014
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write in Swiftshader. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-38015
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in input. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2021-38016
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in background fetch. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2021-38017
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in iframe sandbox. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2021-38018
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in navigation. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2021-38019
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in CORS. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2021-38020
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in contacts picker. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2021-38021
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in referrer. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2021-38022
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in WebAuthentication. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
Impact
- Security Bypass
- Code Execution
- Buffer Overflow
Affected Vendors
Google Android
Affected Products
- Google Chrome 96
Remediation
Upgrade to the latest version of Chrome, available from the Google Chrome Web site.