Google Chrome V8 Bug Allows Remote Code-Execution
Google's Chrome browser has several security vulnerabilities that could pave the way to multiple types of attacks, including a V8 bug that could allow remote code execution within a user's browser.
Liu told SecurityWeek that the bug is somewhat mitigated by the fact that it doesn't allow attackers to escape the sandbox where Chrome runs, meaning attackers can't reach any of the other programs, data and applications on the computer.
The latter is a type-confusion bug that allows a remote attacker to potentially perform out-of-bounds memory access, also exploitable with a specially crafted HTML page.
Details of all nine of the Google Chrome vulnerabilities are as follows.
CVE-2021-21227: Insufficient-data-validation vulnerability that exists in the V8 component.
CVE-2021-21230: Type-confusion vulnerability that exists in the V8 component.
News URL
https://threatpost.com/google-chrome-v8-bug-remote-code-execution/165662/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-30 | CVE-2021-21230 | Type Confusion vulnerability in multiple products. Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-04-30 | CVE-2021-21227 | Out-of-bounds Write vulnerability in multiple products. Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |