Google Chrome Zero-Day remote code execution vulnerability (CVE-2021-21220)

Advisory No: TZCERT/SA/2021/04/15

Date of First Release: 15^th April 2021

Source: Google 

Software Affected: Google Chrome (Desktop version) prior to 89.0.4389.128

Overview:

The vulnerability is caused by insufficient validation of untrusted input in google chrome’s V8 javascript rendering engine.

Description:

A remote attacker could entice a user to open a web page with specially crafted content on a vulnerable browser to exploit the vulnerability. An attacker could view, change, or delete data depending on the application’s privileges.

The impact of the exploitation depends on user rights assigned to the system. Exploitation will be less severe if few users rights are set on the system than that configured with administrative rights.

Impact:

Successful exploitation of these vulnerabilities could lead to remote code execution on the affected system.

Solution:

Google has issued security updates to address the affected products. Users and administrators are advised to apply necessary updates on Google Chrome.

References:

1. https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html
2. https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-chrome-could-allow-for-arbitrary-code-execution_2021-047/