Google has released a security advisory for its Chrome users on Windows, Mac, and Linux, addressing seven security vulnerabilities. However, this release is including two very critical Zero-Day exploits exploited in the wild. Hence, these google chrome security vulnerabilities are tracking as CVE-2021-38000 and CVE-2021-38003. Endpoints that have not been patched are advised to deploy patches ASAP. A good Vulnerability Management System can resolve these issues and hence keep your systems safe and secure.
The flaws were discovered and reported by the Threat Analysis Group (TAG). The other high-severity issues addressed include three Use after free vulnerabilities (CVE-2021-37997,CVE-2021-37998, CVE-2021-38002), a data validation issue (CVE-2021-37999), and a type confusion vulnerability (CVE-2021-38001).
At the time of writing, details of attacks where both zero-days exploited arent made public. A patch management solution can patch these vulnerabilities.
Zero-Day CVE-2021-38000
The wildly-exploited vulnerability exists in the Chrome intents. It arises from an insufficient validation of untrusted input in Intents. Clement Lecigne, Neel Mehta, and Maddie Stone of Google Threat Analysis Group discovered and reported this issue.
Zero-Day CVE-2021-38003
The wildly-exploited vulnerability exists in the Chrome V8 JavaScript engine. The flaw is due to an inappropriate implementation in V8. This issue discovered and reported by Clement Lecigne of Google Threat Analysis Group/
Google added in the advisory,
Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild.
Affected products by CVE-2021-38000
Google Chrome versions before 95.0.4638.69.
Impact of CVE-2021-38000
The vulnerabilities allow attackers to cause a program to crash, execute code, obtain potentially sensitive information, and hence, bypass security restrictions on the affected system.
Solution
Google has released security updates addressing the issue in Google Chrome version 95.0.4638.69.
SanerNow detects these vulnerabilities and automatically fixes them by applying security updates. Download SanerNow and keep your systems updated and secure.