You are currently viewing Google Has Released a Fix For High-Severity RCE Vulnerability in Chrome Browser

Google Has Released a Fix For High-Severity RCE Vulnerability in Chrome Browser

  • Post author:
  • Reading time:3 mins read

Google has released a new version 90 to fix high severity vulnerability in the V8 Javascript component of Google Chrome. Google Chrome RCE Vulnerability is tracked as CVE-2021-21227 is an insufficient data validation vulnerability. Successful exploitation of the vulnerability allows remote attackers to execute arbitrary code.

Security researcher Gengming Liu of Singular Security Lab reported this vulnerability to Google. Google has awarded him $15000 for reporting this high severity vulnerability.


Vulnerability Details (CVE-2021-21227)

An insufficient data validation vulnerability found in the Chrome browser, which allows remote attackers to execute arbitrary code. Security researcher Gengming Liu has said that the bug will not allow attackers to escape the sandbox on the system where Chrome is running, i.e., an attacker cannot access any other application or program on the system. Hence this bug needs to be coupled with other vulnerabilities to take over the system and cause more damage to the system when the browser is running.


Impact

The vulnerability could allow attackers to execute remote code. However, coupling this vulnerability with other bugs to escape the sandbox could result in accessing other applications or programs in the system.


Affected Applications by Google Chrome RCE Vulnerability

Google Chrome version below 90.0.4430.93


Solutions

Also, to address this vulnerability, Google has released Chrome version 90.0.4430.93 for Windows, Linux, and Mac. Moreover, fixes a total of 9 vulnerabilities with this version, as follows:

  • CVE-2021-21227: Insufficient-data-validation vulnerability that exists in the V8 component.
  • CVE-2021-21228: Insufficient-policy-enforcement vulnerability that exists in extensions.
  • CVE-2021-21229: Incorrect-security-UI vulnerability exists in downloads.
  • CVE-2021-21230: Type-confusion vulnerability exists in the V8 component.
  • CVE-2021-21231: Insufficient-data-validation vulnerability exists in the V8 component.
  • CVE-2021-21232: Use-after-free vulnerability that exists in Dev Tools component.
  • CVE-2021-21233: Heap-buffer-overflow vulnerability that exists in the ANGLE component.

Also, SanerNow detects these vulnerabilities and automatically fixes them by applying security updates. Use SanerNow to keep your systems updated and secure.