Chrome Users: Patch CVE-2021-30551 Immediately

Posted on Jun 18, 2021 | By Pavithra Shankar

Pentesters from CSW have highlighted one particular vulnerability that is trending and has exploits in the wild: CVE-2021-30551!

On June 9, 2021, Google released fixes for 14 vulnerabilities in Google Chrome, including a zero-day bug. We took a closer look at the 10 vulnerabilities that were listed in the security advisory, and here is our analysis.

Why should you patch these CVEs as a priority?

CSW researchers analyzed 10 vulnerabilities and found:

  1. Nine of these vulnerabilities are Memory Corruption weaknesses and one has Privilege Escalation capabilities.

  2. An attacker could gain remote access to the system leveraging these vulnerabilities and deploy malware into devices.

  3. On June 10, 2021, CISA featured CVE-2021-30551, a zero-day bug.

  4. CVE-2021-30544 is another critical vulnerability, a memory corruption weakness with a CVSS V3 score of 8.7. Researchers have red-flagged it as one that threat actors and ransomware operators could exploit.

  5. The vulnerabilities have CVSS V3 scores ranging from 5.7 to 8.7. One is rated critical, seven are high and two are of medium severity.

  6. Of these, eight CVEs are classified under CWE-416 (Use After Free), which ranks eighth in the Top 25 Most Dangerous Software Weaknesses published by MITRE.

  7. A patch is now available to mitigate the risk associated with these vulnerabilities.

  8. Interestingly, each of these vulnerabilities is detected by the popular Tenable scanner.

  9. Despite the trends, no information was updated in the NVD database.

Zero-Day Vulnerability

CVE-2021-30551, a trending zero-day vulnerability with privilege escalation capabilities, exists in Chrome’s JavaScript engine. This CVE has been given a CVSS V3 score of 8.4 (high) and leads to type confusion while accessing resources, categorized under CWE-843.

On June 10, CISA issued a warning alert to urge users to patch these Chrome vulnerabilities that could allow an attacker to hijack affected systems. Although Chrome classifies it as a high severity vulnerability, our analysts sense malicious possibilities and advise users to address the issue immediately.

Table: Chrome Security Patches

CSW experts recommend users switch to Chrome/Chromium version 91.0.4472.101 ASAP to protect against possible exploits.
