{"id":8438,"date":"2021-06-18T13:02:45","date_gmt":"2021-06-18T20:02:45","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&p=8438"},"modified":"2023-03-07T15:39:38","modified_gmt":"2023-03-07T22:39:38","slug":"chrome-users-patch-cve-2021-30551-immediately","status":"publish","type":"patch_watch","link":"https:\/\/10.42.32.162\/patch_watch\/chrome-users-patch-cve-2021-30551-immediately\/","title":{"rendered":"Chrome Users: Patch CVE-2021-30551 Immediately"},"content":{"rendered":"

Penetration testers from Securin have highlighted one particular vulnerability that is trending and has exploits in the wild: CVE-2021-30551!

On June 9, 2021, Google released fixes for 14 vulnerabilities in Google Chrome, including a zero-day bug. We took a closer look at the 10 vulnerabilities that were listed in the security advisory, and here is our analysis.

Why should you patch these CVEs as a priority?

Securin researchers analyzed 10 vulnerabilities and found:

1. Nine of these vulnerabilities are memory corruption weaknesses and one has privilege escalation capabilities.
2. An attacker could gain remote access to the system by leveraging these vulnerabilities and deploy malware onto devices.
3. On June 10, 2021, CISA featured CVE-2021-30551, a zero-day bug.
4. CVE-2021-30544 is another critical vulnerability with a memory corruption weakness and a CVSS V3 score of 8.7. The researchers have red-flagged it as one that could possibly be exploited by threat actors and in ransomware attacks.
5. All of the vulnerabilities have CVSS V3 scores ranging from 5.7 to 8.7. One is rated critical, seven are high and two are of medium severity.
6. Of these, eight CVEs are classified under CWE-416 (Use After Free), which ranks eighth in the Top 25 Most Dangerous Software Weaknesses published by MITRE.
7. A patch is now available to mitigate the risk associated with these vulnerabilities.
8. Interestingly, each of these vulnerabilities is detected by the popular Tenable scanner.
9. Despite the trends, no information was updated in the NVD database.

Zero-Day Vulnerability

CVE-2021-30551, a trending zero-day vulnerability with privilege escalation capabilities, exists in Chrome’s JavaScript engine. This CVE has been given a CVSS V3 score of 8.4 (high) and leads to type confusion while accessing resources, categorized under CWE-843.

On June 10, CISA issued a warning alert urging users to patch these Chrome vulnerabilities, which could allow an attacker to hijack affected systems. Although Chrome classifies it as a high-severity vulnerability, our analysts sense malicious possibilities and advise users to address the issue immediately.