Kaspersky LabKLA12189KLA12189 Multiple vulnerabilities in Google Chrome
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
0.022 Low
EPSS
Percentile
89.4%
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, execute arbitrary code, cause denial of service, obtain sensitive information.
Below is a complete list of vulnerabilities:
- A policy enforcement vulnerability in Content Security Policy can be exploited to bypass security restrictions.
- A security UI vulnerability in payments component can be exploited to spoof user interface.
- A policy enforcement vulnerability in PopupBlocker can be exploited to bypass security restrictions.
- A use after free vulnerability in WebUI can be exploited to cause denial of service or execute arbitrary code.
- A use after free vulnerability in WebAudio can be exploited to cause denial of service or execute arbitrary code.
- A heap buffer overflow vulnerability in Autofill can be exploited to cause denial of service or execute arbitrary code.
- A use after free vulnerability in WebRTC can be exploited to cause denial of service or execute arbitrary code.
- A use after free vulnerability in TabStrip can be exploited to cause denial of service or execute arbitrary code.
- A double free vulnerability in ICU can be exploited to cause denial of service or execute arbitrary code.
- An out of bounds write vulnerability in TabStrip can be exploited to cause denial of service or execute arbitrary code.
- An out of bounds memory access vulnerability in WebAudio can be exploited to cause denial of service or execute arbitrary code.
- A use after free vulnerability in TabGroups can be exploited to cause denial of service or execute arbitrary code.
- A use after free vulnerability in Bookmarks can be exploited to cause denial of service or execute arbitrary code.
- A use after free vulnerability in WebAuthentication can be exploited to cause denial of service or execute arbitrary code.
- A policy enforcement vulnerability in cookies component can be exploited to bypass security restrictions.
- A policy enforcement vulnerability in iFrameSandbox can be exploited to bypass security restrictions.
- An out of bounds read vulnerability in V8 can be exploited to obtain sensitive information or cause denial of service.
- A policy enforcement vulnerability in content security policy can be exploited to bypass security restrictions.
Original advisories
Stable Channel Update for Desktop
Related products
CVE list
CVE-2021-30538 warning
CVE-2021-30540 high
CVE-2021-30533 high
CVE-2021-30527 critical
CVE-2021-30522 critical
CVE-2021-30521 critical
CVE-2021-30531 high
CVE-2021-30523 critical
CVE-2021-30524 critical
CVE-2021-30535 critical
CVE-2021-30526 critical
CVE-2021-30530 critical
CVE-2021-30525 critical
CVE-2021-30539 high
CVE-2021-30529 critical
CVE-2021-30528 critical
CVE-2021-30532 warning
CVE-2021-30537 warning
CVE-2021-30534 high
CVE-2021-30536 critical
CVE-2021-30543 critical
CVE-2021-30542 critical
CVE-2021-30558 critical
KB list
Solution
Update to the latest version
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
- SUI
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.
Affected Products
- Google Chrome earlier than 91.0.4472.77
References
support.microsoft.com/kb/4464542
support.microsoft.com/kb/4484527
support.microsoft.com/kb/4493197
support.microsoft.com/kb/4493206
support.microsoft.com/kb/4504711
support.microsoft.com/kb/5001914
support.microsoft.com/kb/5001916
support.microsoft.com/kb/5001917
support.microsoft.com/kb/5001918
support.microsoft.com/kb/5001919
support.microsoft.com/kb/5001920
support.microsoft.com/kb/5001923
support.microsoft.com/kb/5001925
support.microsoft.com/kb/5001927
support.microsoft.com/kb/5001928
support.microsoft.com/kb/5001931
support.microsoft.com/kb/5001935
support.microsoft.com/kb/5001936
support.microsoft.com/kb/5003729
chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html
statistics.securelist.com/
threats.kaspersky.com/en/product/Google-Chrome/
Related
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
0.022 Low
EPSS
Percentile
89.4%