Lucene search

Kaspersky LabKLA12144

HistoryApr 14, 2021 - 12:00 a.m.

KLA12144 Multiple vulnerabiltiies in Google Chrome

2021-04-1400:00:00

Kaspersky Lab

threats.kaspersky.com

304

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

0.414 Medium

EPSS

Percentile

97.3%

JSON

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code, obtain sensitive information, spoof user interface.

Below is a complete list of vulnerabilities:

An implementation vulnerability in Autofill can be exploited to cause denial of service.
A validation of untrusted input vulnerability in Mojo can be exploited to bypass security restrictions.
A use after free vulnerability in permissions can be exploited to cause denial of service or execute arbitrary code.
A use after free vulnerability in extentions can be exploited to cause denial of service or execute arbitrary code.
An implementation vulnerability in storage component can be exploited to cause denial of service.
A policy enforcement vulnerability in navigation component to bypass security restrictions.
A use after free vulnerability in WebMIDI can be exploited to cause denial of service or execute arbitrary code.
A use after free vulnerability in Blink can be exploited to cause denial of service or execute arbitrary code.
An implementation vulnerability in Network can be exploited to cause denial of service.
An uninitialized use vulnerability in PDFium can be exploited to obtain sensitive information.
A security UI vulnerability in Network Config UI can be exploited to spoof user interface.
An implementation vulnerability in Navigation can be exploited to cause denial of service.
A use after free vulnerability in IndexedDB can be exploited to cause denial of service or execute arbitrary code.
A use after free vulnerability in Network API can be exploited to cause denial of service or execute arbitrary code.
A data validation vulnerability in QR scanner can be exploited to bypass security restrictions.

Original advisories

Stable Channel Update for Desktop

Related products

Google-Chrome

CVE list

CVE-2021-21216 high

CVE-2021-21221 high

CVE-2021-21201 critical

CVE-2021-21202 critical

CVE-2021-21209 high

CVE-2021-21205 critical

CVE-2021-21213 critical

CVE-2021-21204 critical

CVE-2021-21210 high

CVE-2021-21219 high

CVE-2021-21203 critical

CVE-2021-21212 high

CVE-2021-21211 high

CVE-2021-21207 critical

CVE-2021-21215 high

CVE-2021-21218 high

CVE-2021-21214 critical

CVE-2021-21217 high

CVE-2021-21208 high

Solution

Update to the latest version

Download Google Chrome

Impacts

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.