Chrome Users: Patch CVE-2021-30551 Immediately
Posted on Jun 18, 2021 | By Pavithra Shankar
Pentesters from CSW have highlighted one particular vulnerability that is trending and has exploits in the wild: CVE-2021-30551!
On June 9, 2021, Google released fixes for 14 vulnerabilities in Google Chrome, including a zero-day bug. We took a closer look at the 10 vulnerabilities that were listed in the security advisory, and here is our analysis.
Why should you patch these CVEs on priority?
CSW researchers analyzed 10 vulnerabilities and found:
- Nine of these vulnerabilities are Memory Corruption weaknesses and one has Privilege Escalation capabilities.
- An attacker could leverage these vulnerabilities to gain remote access to the system and deploy malware onto devices.
- On June 10, 2021, CISA featured CVE-2021-30551, a zero-day bug.
- CVE-2021-30544 is another critical vulnerability with a memory corruption weakness and a CVSS V3 score of 8.7. The researchers have red-flagged it as one that could possibly be used by threat actors and in ransomware attacks.
- All of the vulnerabilities have CVSS V3 scores ranging from 5.7 to 8.7. One is rated critical, seven are high and two are of medium severity.
- Of these, eight CVEs are classified under CWE-416 (Use After Free), which ranks eighth in the Top 25 Most Dangerous Software Weaknesses published by MITRE.
- A patch is now available to mitigate the risk associated with these vulnerabilities.
- Interestingly, each of these vulnerabilities is detected by the popular Tenable scanner.
- Despite the trends, no information was updated in the NVD database.
Zero-Day Vulnerability
CVE-2021-30551, a trending zero-day vulnerability with privilege escalation capabilities, exists in Chrome’s JavaScript engine. This CVE has been given a CVSS V3 score of 8.4 (high) and leads to type confusion while accessing resources, categorized under CWE-843.
On June 10, CISA issued a warning alert to urge users to patch these Chrome vulnerabilities that could allow an attacker to hijack affected systems. Although Chrome classifies it as a high severity vulnerability, our analysts sense malicious possibilities and advise users to address the issue immediately.
Table: Chrome Security Patches
CSW experts recommend users switch to Chrome/Chromium version 91.0.4472.101 ASAP to protect against possible exploits.