
CERT-In Advisory CIAD-2021-0038

Multiple Vulnerabilities in multiple Browsers

Original Issue Date: October 01, 2021

Severity Rating: High

Systems Affected

Google Chrome versions prior to 94.0.4606.71 for Windows, Mac and Linux

Microsoft Edge (Chromium-based) versions prior to 94.0.992.38

Overview

Multiple vulnerabilities have been reported in Google Chrome & Microsoft Edge which could be exploited by a remote attacker to execute arbitrary code or obtain sensitive information on the targeted system.

Description

1. Use After Free Vulnerabilities (CVE-2021-37974, CVE-2021-37975)

These vulnerabilities exist due to use-after-free errors in the Safe Browsing and V8 browser engine components of the affected software. A remote attacker could exploit these vulnerabilities by creating a specially crafted web page and persuading an unsuspecting user to visit the page, triggering a use-after-free error. Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code on the targeted system.

2. Information Disclosure Vulnerability (CVE-2021-37976)

This vulnerability is due to an information leak in the core of the affected software. A remote attacker could exploit this vulnerability by persuading an unsuspecting user to open a specially crafted web page. Successful exploitation of this vulnerability could allow the attacker to access sensitive information on the targeted system.

Note: Two vulnerabilities, CVE-2021-37975 and CVE-2021-37976, are currently being exploited in the wild; users are advised to apply patches urgently.

Solution

Upgrade to Google Chrome version 94.0.4606.71 for Windows, Mac, and Linux
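To triage an asset inventory against the version thresholds listed under Systems Affected, the following added example (not part of the CERT-In advisory) compares installed builds component by component. The `host,browser,version` inventory format, the host names and the function names are assumptions made for illustration.

```python
import re

# First builds not listed as affected, taken from "Systems Affected" in this advisory.
FIXED = {"chrome": (94, 0, 4606, 71), "edge": (94, 0, 992, 38)}
VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")


def parse_version(text):
    """Turn '94.0.4606.71' into (94, 0, 4606, 71); return None if malformed."""
    text = text.strip()
    if not VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(browser, version_text):
    """Return 'affected', 'ok' or 'unknown' for one installed browser."""
    fixed = FIXED.get(browser.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unrecognised browser or unparseable version: review by hand
    # Tuples compare numerically per component, so 4606.9 sorts before 4606.71,
    # which a plain string comparison would get wrong.
    return "affected" if version < fixed else "ok"


def audit(inventory_csv):
    """Parse 'host,browser,version' lines into (host, browser, version, status) rows."""
    results = []
    for line in inventory_csv.strip().splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            continue  # skip lines that do not match the assumed format
        host, browser, version = fields
        results.append((host, browser, version, classify(browser, version)))
    return results


# Constructed sample inventory (hypothetical hosts), not data from the advisory.
SAMPLE = """
ws-001,chrome,94.0.4606.61
ws-002,chrome,94.0.4606.71
ws-003,edge,94.0.992.31
ws-004,edge,94.0.992.38
ws-005,chrome,94.0.4606.9
ws-006,chrome,not-reported
"""

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

Hosts reported as `unknown` should be checked manually rather than assumed patched.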
