The Dataprise Blog

Google Chrome Vulnerability (CVE-2021-30563): Dataprise Defense Digest

Aug 24, 2021 BY DATAPRISE


EXECUTIVE SUMMARY

Google has issued a warning regarding a serious vulnerability in their Chrome browser (affecting Windows, Mac, and Linux) that could potentially allow a malicious actor to take full control over a machine. Google urges users to update their browsers immediately. Currently it’s estimated that about 2 billion Chrome browser installs are vulnerable.
 

IMPACT

At this point, Google has not released many details about the exploit, in an attempt to limit attention and reduce the number of potential attempts to abuse this vulnerability. It is known that this vulnerability can be leveraged to gain complete control over an affected machine.

 

DETAILED ANALYSIS

No detailed analysis is available at this point. It is known that this vulnerability (CVE-2021-30563) affects core components in Chrome: V8 (the core JavaScript engine in Chrome, through type confusion), WebRTC, the graphics engine, printing, and audio and streaming components. Google references the following related articles:

High — CVE-2021-30598: Type Confusion in V8. Reported by Manfred Paul

High — CVE-2021-30599: Type Confusion in V8. Reported by Manfred Paul

High — CVE-2021-30600: Use after free in Printing. Reported by 360 Alpha Lab

High — CVE-2021-30601: Use after free in Extensions API. Reported by 360 Alpha Lab

High — CVE-2021-30602: Use after free in WebRTC. Reported by Cisco Talos

High — CVE-2021-30603: Race in WebAudio. Reported by Google Project Zero

High — CVE-2021-30604: Use after free in ANGLE. Reported by SecunologyLab

 

INDICATORS OF COMPROMISE

Any Chrome version earlier than 92.0.4515.159 is vulnerable. You can check the Chrome version by navigating to Settings > Help > About Google Chrome.
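To apply the same version check across many machines, the following added example (not part of the original advisory or any Dataprise tooling) compares reported Chrome builds against 92.0.4515.159 component by component. The inventory format, host names and sample version strings are constructed assumptions.

```python
import re

# Fixed build stated in this advisory; anything lower is treated as vulnerable.
FIXED_BUILD = (92, 0, 4515, 159)

# Matches a four-part Chrome build number anywhere in a string.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_build(text):
    """Return the build as a tuple of ints, or None if no build number is found."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def classify(text):
    """Return 'vulnerable', 'patched' or 'unknown' for one version string."""
    build = parse_build(text)
    if build is None:
        return "unknown"
    # Tuple comparison is numeric per component, so 4515.99 < 4515.159
    # and 100.x > 92.x, which plain string comparison gets wrong.
    return "vulnerable" if build < FIXED_BUILD else "patched"


def audit(inventory):
    """Map each host to its status, given {host: reported version string}."""
    return {host: classify(reported) for host, reported in inventory.items()}


# Constructed sample inventory (hypothetical hosts and report strings).
SAMPLE_INVENTORY = {
    "ws-001": "Google Chrome 92.0.4515.159",
    "ws-002": "Google Chrome 92.0.4515.131",
    "ws-003": "Google Chrome 92.0.4515.99",
    "ws-004": "Google Chrome 100.0.4896.60",
    "ws-005": "chrome: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}\t{status}")
```

Hosts reported as "unknown" returned no parseable build number and need a manual check rather than being counted as patched.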

 

MITIGATION STEPS

Manually update the Google Chrome browser.

On your computer, open Chrome.

  • At the top right, look at More.
  • If an update is pending, the icon will be colored:
      • Green: An update was released less than 2 days ago.
      • Orange: An update was released about 4 days ago.
      • Red: An update was released at least a week ago.

 

To update Google Chrome:

  • On your computer, open Chrome.
  • At the top right, click More.
  • Click Update Google Chrome.
  • Important: If you can't find this button, you're on the latest version.
  • Click Relaunch.

 

SOURCES

 

CONTRIBUTING AUTHORS

  • Stephen Jones, Senior Director Cybersecurity
  • Maximo Bredfeldt, vCISO
  • Susan Verdin, Cybersecurity Analyst