Security News > 2021 > April > Google Chrome V8 Bug Allows Remote Code-Execution

Google Chrome V8 Bug Allows Remote Code-Execution
2021-04-28 17:48

Google's Chrome browser has several security vulnerabilities that could pave the way to multiple types of attacks, including a V8 bug that could allow remote code execution within a user's browser.

Liu told SecurityWeek that the bug is somewhat mitigated by the fact that it doesn't allow attackers to escape the sandbox where Chrome runs, meaning attackers can't reach any of the other program, data and applications on the computer.

The latter is a type-confusion bug that allows a remote attacker to potentially perform out of bounds memory access, also exploitable with a specially crafted HTML page.

Details of all nine of the Google Chrome vulnerabilities are as follows.

CVE-2021-21227: Insufficient-data-validation vulnerability that exists in the V8 component.

CVE-2021-21230: Type-confusion vulnerability exists in the V8 component.


News URL

https://threatpost.com/google-chrome-v8-bug-remote-code-execution/165662/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-04-30 CVE-2021-21230 Type Confusion vulnerability in multiple products
Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-843
8.8
2021-04-30 CVE-2021-21227 Out-of-bounds Write vulnerability in multiple products
Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-787
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 256 4320 4678 741 9995