Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
MS ISAC ADVISORY NUMBER:
2021 042
DATE(S) ISSUED:
03/31/2021
OVERVIEW:
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.
THREAT INTELLIGENCE:
There are currently no reports of these vulnerabilities being exploited in the wild.
RISK:
Government:
· Large and medium government entities: HIGH
· Small government entities: MEDIUM
Businesses:
· Large and medium business entities: HIGH
· Small business entities: MEDIUM
Home Users:
LOW
TECHNICAL SUMMARY:
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. These vulnerabilities can be exploited if a user visits, or is redirected to, a specially crafted web page. Details of the vulnerabilities are as follows:
- A use after free vulnerability that exists in the 'screen capture' component. (CVE 2021 21194)
- A use after free vulnerability that exists in the 'V8' component. (CVE 2021 21195)
- Heap buffer overflow in TabStrip. (CVE 2021 21196, CVE 2021 21197)
- Out of bounds read in IPC. (CVE 2021 21198)
- Use after free in Aura (CVE 2021 21199)
Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.
RECOMMENDATIONS:
We recommend the following actions be taken:
- Apply the stable channel update provided by Google to vulnerable systems immediately after appropriate testing.
- Run all software as a non privileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Remind users not to visit un trusted websites or follow links provided by unknown or un trusted sources.
- Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un trusted sources.
- Apply the Principle of Least Privilege to all systems and services.
REFERENCES:
https://www.cisecurity.org/advisory/multiple vulnerabilities in google chrome could allow for arbitrary code execution_2021 042/
Google:
https://chromereleases.googleblog.com/2021/03/stable channel update for desktop_30.html
CVE:
https://cve.mitre.org/cgi bin/cvename.cgi?name=CVE 2021 21194https://cve.mitre.org/cgi bin/cvename.cgi?name=CVE 2021 21195https://cve.mitre.org/cgi bin/cvename.cgi?name=CVE 2021 21196https://cve.mitre.org/cgi bin/cvename.cgi?name=CVE 2021 21197https://cve.mitre.org/cgi bin/cvename.cgi?name=CVE 2021 21198https://cve.mitre.org/cgi bin/cvename.cgi?name=CVE 2021 21199
Read More
HIGH ALERT – ACT QUICKLY: For organisations using Microsoft Exchange
- The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has identified extensive targeting, and has confirmed compromises, of Australian organisations with vulnerable Microsoft Exchange deployments. The ACSC is assisting affected organisations with their incident response and remediation.
- The ACSC has identified a large number of Australian organisations are yet to patch vulnerable versions of Microsoft Exchange, leaving them vulnerable to compromise. The ACSC urges these organisations to do so urgently.
- BackgroundThe Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) advises organisations using Microsoft Exchange to urgently patch the following Common Vulnerabilities and Exposures (CVEs):
Microsoft has released security patches for the following versions of Microsoft Exchange:
For more details view this alert: https://brica.de/alerts/alert/1381990/
Multiple Vulnerabilities in SAP Products Could Allow for Arbitrary Code Execution
Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated, remote attacker to execute code on the affected systems. Depending on the privileges associated with the application, an attacker could then install programs; view, change, or delete data;
Source: BGD e GOV CIRT
Read More
TMUI RCE vulnerability CVE 2020 5902
In BIG IP versions 15.0.0 15.1.0.3, 14.1.0 14.1.2.5, 13.1.0 13.1.3.3, 12.1.0 12.1.5.1, and 11.6.1 11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
Source: BGD e GOV CIRT
SaltStack Patches Critical Vulnerabilities in Salt
SaltStack has released a security update to address critical vulnerabilities affecting Salt versions prior to 2019.2.4 and 3000.2. Salt is an open source remote task and configuration management framework widely used in data center's and cloud servers. A remote attacker could exploit these vulnerabilities to take control of an affected system...
Source: BGD e GOV CIRT
Read More
ISC Releases Security Advisories for BIND
CVE 2020 8618:
An assertion check in BIND (that is meant to prevent going beyond the end of a buffer when processing incoming data) can be incorrectly triggered by a large response during zone transfer.
Source: BGD e GOV CIRT