Security flaws and vulnerabilities in popular software and applications have become a constant in the cybersecurity environment. This is especially notable when security flaws can potentially lead to a broader range of consequences for the general public. Oftentimes, this is unfortunately the case.
A software vulnerability can lead to drastically different scenarios e.g depending on the scope of how it will be exploited by malicious actors. On multiple occasions, security flaws have cropped up which allow a cybercriminal to remote control a system by taking advantage of security gaps.
Recently, in particular, a slew of these remote code execution vulnerabilities have been noted by security researchers. These flaws can also be discovered within any app, service, or software product and are in most cases patched (updated) without affecting too many users. However, sometimes simply patching an exploited vulnerability is impossible at the heavy end of the spectrum. To that end, simple vulnerabilities can lead to security flaws like zero-days that can translate to a global threat.
This time, the latest release reports indicate yet another issue with the Google Chrome browser. Google’s widely-used Chrome browser has been particularly in the spotlight because of a steady flow of security vulnerabilities. These specific vulnerabilities have been reported via Google Chrome Releases on August 2nd, 2021.
Seven Vulnerabilities Discovered in Google Chrome
On August 2nd, 2021 it has been reported officially by the ‘Chrome team’ (posted by security researcher Srinivas Sista) on the Google Blog that seven vulnerabilities were discovered in Google’s Chrome Browser. In this instance, all of the vulnerabilities affect the same software versions of Google Chrome and are categorized ranging from medium to high risk as per the CVE (Common Vulnerabilities and Exposures) system. There are a total of 5 high-risk vulnerabilities, and 2 medium-risk vulnerabilities within Google Chrome’s functions.
Description of The Vulnerabilities
A description of the seven vulnerabilities is as follows separated into high and medium risk categories;
High-Risk
- A high-risk heap buffer overflow in the bookmarks function can allow a remote attacker to compromise a vulnerable system
- A high-risk use after free flaw in the file system API that can allow a remote attacker to compromise a vulnerable system
- A high-risk out of bounds write flaw in the tab groups function that can allow a remote attacker to compromise a vulnerable system
- A high-risk out of bounds read in the tab strip function that can allow a remote attacker to compromise a vulnerable system
- A high-risk use after free flaw in the page info UI function that can allow a remote attacker to compromise a vulnerable system
Medium-Risk
- A medium-risk incorrect security flaw in the UI in navigation function that can allow a remote attacker to perform a spoofing attack
- A medium-risk use after free flaw in the browser UI function that can allow a remote attacker to compromise a vulnerable system
Technical Details Surrounding The Vulnerability
The Google Chrome vulnerabilities are classified as follows, along with their respective CVE ID codes;
- CVE-2021-30590 -High
- CVE-2021-30591 -High
- CVE-2021-30592 -High
- CVE-2021-30593 -High
- CVE-2021-30594 -High
- CVE-2021-30596 – Medium
- CVE-2021-30597 – Medium
The vulnerable software version numbers of Google Chrome are as follows;
The Conclusion
So far, Google has not officially released any information regarding any exploits resulting from these vulnerabilities. This means that no reported damage to users has resulted as of yet. Furthermore, a patch has since been developed and released that mitigates the above seven vulnerabilities. Users should update to the Chrome stable channel update 92.0.4515.131 as soon as possible for Windows, Mac, and Linux. The update, according to Google, contains 10 security fixes.
