Google Chrome V8 Bug Allows Remote Code-Execution
Google's Chrome browser has several security vulnerabilities that could pave the way to multiple types of attacks, including a V8 bug that could allow remote code execution within a user's browser.
Liu told SecurityWeek that the bug is somewhat mitigated by the fact that it doesn't allow attackers to escape the sandbox where Chrome runs, meaning attackers can't reach any of the other programs, data and applications on the computer.
The latter is a type-confusion bug that allows a remote attacker to potentially perform out-of-bounds memory access, also exploitable with a specially crafted HTML page.
Details of all nine of the Google Chrome vulnerabilities are as follows.
- CVE-2021-21227: Insufficient-data-validation vulnerability that exists in the V8 component.
- CVE-2021-21230: Type-confusion vulnerability that exists in the V8 component.
News URL
https://threatpost.com/google-chrome-v8-bug-remote-code-execution/165662/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK
---|---|---|---
2021-04-30 | CVE-2021-21230 | Type Confusion vulnerability in multiple products. Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8
2021-04-30 | CVE-2021-21227 | Out-of-bounds Write vulnerability in multiple products. Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8