A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site
Home / security-advisories / Google Chrome Zero-Day remote code execution vulnerability (CVE-2021-21220)

Google Chrome Zero-Day remote code execution vulnerability (CVE-2021-21220)

Advisory No: TZCERT/SA/2021/04/15

Date of First Release: 15th April 2021

Source: Google 

Software Affected: Google Chrome (Desktop version) prior to 89.0.4389.128

Overview:

The vulnerability is caused by insufficient validation of untrusted input in google chrome’s V8 javascript rendering engine.

Description:

A remote attacker could entice a user to open a web page with specially crafted content on a vulnerable browser to exploit the vulnerability. An attacker could view, change, or delete data depending on the application’s privileges.

The impact of the exploitation depends on user rights assigned to the system. Exploitation will be less severe if few users rights are set on the system than that configured with administrative rights.

Impact:

Successful exploitation of these vulnerabilities could lead to remote code execution on the affected system.

Solution:

Google has issued security updates to address the affected products. Users and administrators are advised to apply necessary updates on Google Chrome.

References:

  1. https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html
  2. https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-chrome-could-allow-for-arbitrary-code-execution_2021-047/

Check Also

Microsoft Exchange Server Zero-Day remote code execution vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)

Advisory No: TZCERT/SA/2021/03/04 Date of First Release: 04th March 2021 Source: Microsoft Software Affected:  Microsoft Exchange Server 2013Microsoft Exchange …