ID AKB:B61D2687-96CE-4CE9-939F-9E35DA7814C4 Type attackerkb Reporter AttackerKB Modified 2021-02-13T00:00:00
Description
Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Recent assessments:
gwillcox-r7 at February 05, 2021 4:25pm UTC reported:
Reported as exploited in the wild at <https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html>. Several news articles such as <https://www.theverge.com/2021/2/5/22267872/chrome-88-zero-day-vulnerability-government-backed-hackers-security-researchers> have suggested that given the timing of this bug, and that it was reported one day before Google’s report on the North Korea hackers targeting security researchers (see <https://www.theverge.com/2021/1/26/22250060/google-threat-analysis-group-north-korean-hackers-cybersecurity-researchers-social-engineering>), it may be related to the 0day Chrome bug that was used by North Korean state actors in that engagement.
Given this is a remote heap overflow in the browser there may be some concerns regarding reliability though and whilst I’m sure there will be public exploits for this bug, I do question how reliable they will be given the nature of trying to exploit heap exploits. I would imagine the exploit would take advantage of JavaScript to craft the heap appropriately. Therefore a temporary, but not recommended, precaution may be to disable JavaScript in Chrome until one can apply this update.
Please note that Chrome will automatically apply the update if you open and close your browser. However people do tend to keep Chrome open with many tabs and then suspend their PC at the end of the day, so its possible that these patches will likely see an uptick in application when the next Patch Tuesday or company wide patch cycle is enforced and people are forced to reboot their PCs to apply patches, and therefore restart Chrome.
{"id": "AKB:B61D2687-96CE-4CE9-939F-9E35DA7814C4", "type": "attackerkb", "bulletinFamily": "info", "title": "CVE-2021-21148", "description": "Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n \n**Recent assessments:** \n \n**gwillcox-r7** at February 05, 2021 4:25pm UTC reported:\n\nReported as exploited in the wild at <https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html>. Several news articles such as <https://www.theverge.com/2021/2/5/22267872/chrome-88-zero-day-vulnerability-government-backed-hackers-security-researchers> have suggested that given the timing of this bug, and that it was reported one day before Google\u2019s report on the North Korea hackers targeting security researchers (see <https://www.theverge.com/2021/1/26/22250060/google-threat-analysis-group-north-korean-hackers-cybersecurity-researchers-social-engineering>), it may be related to the 0day Chrome bug that was used by North Korean state actors in that engagement.\n\nGiven this is a remote heap overflow in the browser there may be some concerns regarding reliability though and whilst I\u2019m sure there will be public exploits for this bug, I do question how reliable they will be given the nature of trying to exploit heap exploits. I would imagine the exploit would take advantage of JavaScript to craft the heap appropriately. Therefore a temporary, but not recommended, precaution may be to disable JavaScript in Chrome until one can apply this update.\n\nPlease note that Chrome will automatically apply the update if you open and close your browser. However people do tend to keep Chrome open with many tabs and then suspend their PC at the end of the day, so its possible that these patches will likely see an uptick in application when the next Patch Tuesday or company wide patch cycle is enforced and people are forced to reboot their PCs to apply patches, and therefore restart Chrome.\n", "published": "2021-02-09T00:00:00", "modified": "2021-02-13T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://attackerkb.com/topics/9stbF9rFqe/cve-2021-21148", "reporter": "AttackerKB", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21148", "https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUQSMNV7INLDDSD3RKI5S5EAULX2QC7P/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ACWYJ74Z3YN2XH4QMUEGNBC3VXX464L/", "https://www.debian.org/security/2021/dsa-4858", "https://www.theverge.com/2021/2/5/22267872/chrome-88-zero-day-vulnerability-government-backed-hackers-security-researchers", "https://crbug.com/1170176"], "cvelist": ["CVE-2021-21148"], "lastseen": "2021-02-20T15:18:39", "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-21148"]}, {"type": "mscve", "idList": ["MS:CVE-2021-21148"]}, {"type": "freebsd", "idList": ["3E01AAD2-680E-11EB-83E2-E09467587C17"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:AC714CB24C401F36B220E29C6D2B049F"]}, {"type": "nessus", "idList": ["FEDORA_2021-7FB30B9381.NASL", "OPENSUSE-2021-267.NASL", "GOOGLE_CHROME_88_0_4324_150.NASL", "MACOSX_GOOGLE_CHROME_88_0_4324_150.NASL", "MICROSOFT_EDGE_CHROMIUM_88_0_705_63.NASL", "FEDORA_2021-05AFA65D39.NASL", "FREEBSD_PKG_3E01AAD2680E11EB83E2E09467587C17.NASL", "DEBIAN_DSA-4858.NASL", "OPENSUSE-2021-296.NASL"]}, {"type": "threatpost", "idList": ["THREATPOST:398E85215A3E7B7329EE3FED8F6374FF"]}, {"type": "thn", "idList": ["THN:2E0F12E8B4294632DF7D326E9360976B"]}, {"type": "krebs", "idList": ["KREBS:1BEFD58F5124A2E4CA40BD9C1B49B9B7"]}, {"type": "archlinux", "idList": ["ASA-202102-4", "ASA-202102-6"]}, {"type": "fedora", "idList": ["FEDORA:4E16930B130B", "FEDORA:BB03930B3A56"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4858-1:7131E"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:44EA89871AFF6881B909B9FD0E07034F"]}], "modified": "2021-02-20T15:18:39", "rev": 2}, "score": {"value": 5.4, "vector": "NONE", "modified": "2021-02-20T15:18:39", "rev": 2}, "vulnersScore": 5.4}, "attackerkb": {}, "wildExploited": true}
{"cve": [{"lastseen": "2021-02-25T14:59:41", "description": "Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-02-09T16:15:00", "title": "CVE-2021-21148", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21148"], "modified": "2021-02-24T18:59:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:fedoraproject:fedora:33"], "id": "CVE-2021-21148", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21148", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]}], "mscve": [{"lastseen": "2021-02-12T15:33:22", "bulletinFamily": "microsoft", "cvelist": ["CVE-2021-21148"], "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n\n**This CVE has been reported to be exploited in the wild.**\n", "edition": 2, "modified": "2021-02-05T08:00:00", "id": "MS:CVE-2021-21148", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21148", "published": "2021-02-05T08:00:00", "title": "Chromium CVE-2021-21148: Heap buffer overflow in V8", "type": "mscve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-02-13T04:07:54", "description": "The version of Google Chrome installed on the remote macOS host is prior to 88.0.4324.150. It is, therefore, affected by\na vulnerability as referenced in the 2021_02_stable-channel-update-for-desktop_4 advisory. Note that Nessus has not\ntested for this issue but has instead relied only on the application's self-reported version number.", "edition": 3, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-02-04T00:00:00", "title": "Google Chrome < 88.0.4324.150 Vulnerability", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-21148"], "modified": "2021-02-04T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_88_0_4324_150.NASL", "href": "https://www.tenable.com/plugins/nessus/146205", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146205);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/12\");\n\n script_cve_id(\"CVE-2021-21148\");\n script_xref(name:\"IAVA\", value:\"2021-A-0071\");\n\n script_name(english:\"Google Chrome < 88.0.4324.150 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 88.0.4324.150. It is, therefore, affected by\na vulnerability as referenced in the 2021_02_stable-channel-update-for-desktop_4 advisory. Note that Nessus has not\ntested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?37649cd6\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1170176\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 88.0.4324.150 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21148\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'88.0.4324.150', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-11T10:47:15", "description": "Chrome Releases reports :\n\n[1170176] High CVE-2021-21148: Heap buffer overflow in V8. Reported by\nMattias Buelens on 2021-01-24. Google is aware of reports that an\nexploit for CVE-2021-21148 exists in the wild.", "edition": 2, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-02-08T00:00:00", "title": "FreeBSD : chromium -- heap buffer overflow in V8 (3e01aad2-680e-11eb-83e2-e09467587c17)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-21148"], "modified": "2021-02-08T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:chromium"], "id": "FREEBSD_PKG_3E01AAD2680E11EB83E2E09467587C17.NASL", "href": "https://www.tenable.com/plugins/nessus/146288", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146288);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/10\");\n\n script_cve_id(\"CVE-2021-21148\");\n\n script_name(english:\"FreeBSD : chromium -- heap buffer overflow in V8 (3e01aad2-680e-11eb-83e2-e09467587c17)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Chrome Releases reports :\n\n[1170176] High CVE-2021-21148: Heap buffer overflow in V8. Reported by\nMattias Buelens on 2021-01-24. Google is aware of reports that an\nexploit for CVE-2021-21148 exists in the wild.\"\n );\n # https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?37649cd6\"\n );\n # https://vuxml.freebsd.org/freebsd/3e01aad2-680e-11eb-83e2-e09467587c17.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?74b0c890\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21148\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<88.0.4324.150\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-13T03:39:53", "description": "The version of Google Chrome installed on the remote Windows host is prior to 88.0.4324.150. It is, therefore, affected\nby a vulnerability as referenced in the 2021_02_stable-channel-update-for-desktop_4 advisory. Note that Nessus has not\ntested for this issue but has instead relied only on the application's self-reported version number.", "edition": 3, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-02-04T00:00:00", "title": "Google Chrome < 88.0.4324.150 Vulnerability", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-21148"], "modified": "2021-02-04T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_88_0_4324_150.NASL", "href": "https://www.tenable.com/plugins/nessus/146204", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146204);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/12\");\n\n script_cve_id(\"CVE-2021-21148\");\n script_xref(name:\"IAVA\", value:\"2021-A-0071\");\n\n script_name(english:\"Google Chrome < 88.0.4324.150 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 88.0.4324.150. It is, therefore, affected\nby a vulnerability as referenced in the 2021_02_stable-channel-update-for-desktop_4 advisory. Note that Nessus has not\ntested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?37649cd6\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1170176\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 88.0.4324.150 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21148\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\ninstalls = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'88.0.4324.150', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-20T13:00:32", "description": "This update for opera fixes the following issues :\n\n - Update to version 74.0.3911.107\n\n - CHR-8311 Update chromium on desktop-stable-88-3911 to\n 88.0.4324.150\n\n - DNA-90329 Implement client_capabilities negotiation for\n Flow / Sync\n\n - DNA-90560 [Search Tabs] Open Tabs On Top\n\n - DNA-90620 Add opauto tests for tab snoozing\n\n - DNA-90628 Update opauto tests after design changes\n\n - DNA-90818 Only 3 recently closed tabs are shown in a\n search mode\n\n - DNA-90911 Enable search-tabs-open-tabs-on-top on\n developer\n\n - DNA-90990 Crash at\n opera::AddressBarView::NotifyBoundsChanged()\n\n - DNA-90991 Opera doesn’t show version and\n ‘Relaunch’ button despite update is ready\n\n - DNA-91097 Crash at\n extensions::BrowserSidebarPrivateGetPremium\n ExtensionsInfoFunction::Run()\n\n - DNA-91163 [Win] “URL navigation filters”\n subpage doesn’t react on actions\n\n - DNA-91196 [Flow] Device capabilities is not properly\n saved in Local State\n\n - DNA-91276 Sidebar setup wont open\n\n - The update to chromium 88.0.4324.150 fixes following\n issues :\n\n - CVE-2021-21148 (1181827)", "edition": 2, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-02-16T00:00:00", "title": "openSUSE Security Update : opera (openSUSE-2021-296)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-21148"], "modified": "2021-02-16T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-296.NASL", "href": "https://www.tenable.com/plugins/nessus/146501", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-296.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146501);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/19\");\n\n script_cve_id(\"CVE-2021-21148\");\n\n script_name(english:\"openSUSE Security Update : opera (openSUSE-2021-296)\");\n script_summary(english:\"Check for the openSUSE-2021-296 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for opera fixes the following issues :\n\n - Update to version 74.0.3911.107\n\n - CHR-8311 Update chromium on desktop-stable-88-3911 to\n 88.0.4324.150\n\n - DNA-90329 Implement client_capabilities negotiation for\n Flow / Sync\n\n - DNA-90560 [Search Tabs] Open Tabs On Top\n\n - DNA-90620 Add opauto tests for tab snoozing\n\n - DNA-90628 Update opauto tests after design changes\n\n - DNA-90818 Only 3 recently closed tabs are shown in a\n search mode\n\n - DNA-90911 Enable search-tabs-open-tabs-on-top on\n developer\n\n - DNA-90990 Crash at\n opera::AddressBarView::NotifyBoundsChanged()\n\n - DNA-90991 Opera doesn’t show version and\n ‘Relaunch’ button despite update is ready\n\n - DNA-91097 Crash at\n extensions::BrowserSidebarPrivateGetPremium\n ExtensionsInfoFunction::Run()\n\n - DNA-91163 [Win] “URL navigation filters”\n subpage doesn’t react on actions\n\n - DNA-91196 [Flow] Device capabilities is not properly\n saved in Local State\n\n - DNA-91276 Sidebar setup wont open\n\n - The update to chromium 88.0.4324.150 fixes following\n issues :\n\n - CVE-2021-21148 (1181827)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181827\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"opera-74.0.3911.107-lp152.2.34.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opera\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-10T20:47:51", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 88.0.705.63. It is, therefore, affected\nby a vulnerability as referenced in the CVE-2021-21148 advisory. Note that Nessus has not tested for this issue but has\ninstead relied only on the application's self-reported version number.", "edition": 2, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-02-08T00:00:00", "title": "Microsoft Edge (Chromium) < 88.0.705.63 Vulnerability", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-21148"], "modified": "2021-02-08T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_88_0_705_63.NASL", "href": "https://www.tenable.com/plugins/nessus/146271", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146271);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/09\");\n\n script_cve_id(\"CVE-2021-21148\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 88.0.705.63 Vulnerability\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by a vulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 88.0.705.63. It is, therefore, affected\nby a vulnerability as referenced in the CVE-2021-21148 advisory. Note that Nessus has not tested for this issue but has\ninstead relied only on the application's self-reported version number.\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21148\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c8284af6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 88.0.705.63 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21148\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nconstraints = [\n { 'fixed_version' : '88.0.705.63' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-13T12:50:56", "description": "This update for chromium fixes the following issues :\n\nUpdate to 88.0.4324.150 boo#1181827\n\n - CVE-2021-21148: Heap buffer overflow in V8", "edition": 3, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-02-10T00:00:00", "title": "openSUSE Security Update : chromium (openSUSE-2021-267)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-21148"], "modified": "2021-02-10T00:00:00", "cpe": ["cpe:/o:novell:opensuse:15.2", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium-debuginfo"], "id": "OPENSUSE-2021-267.NASL", "href": "https://www.tenable.com/plugins/nessus/146355", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-267.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146355);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/12\");\n\n script_cve_id(\"CVE-2021-21148\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2021-267)\");\n script_summary(english:\"Check for the openSUSE-2021-267 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for chromium fixes the following issues :\n\nUpdate to 88.0.4324.150 boo#1181827\n\n - CVE-2021-21148: Heap buffer overflow in V8\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181827\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21148\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-88.0.4324.150-lp152.2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-debuginfo-88.0.4324.150-lp152.2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-88.0.4324.150-lp152.2.72.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-debuginfo-88.0.4324.150-lp152.2.72.1\", allowmaj:TRUE) ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-17T02:42:19", "description": "Update to 88.0.4324.150. Fixes :\n\nCVE-2021-21142 CVE-2021-21143 CVE-2021-21144 CVE-2021-21145\nCVE-2021-21146 CVE-2021-21147 CVE-2021-21148\n\nPlease keep in mind that this release fixes an actively exploited\n0-day vulnerability.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 4, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-02-10T00:00:00", "title": "Fedora 33 : chromium (2021-05afa65d39)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-21148", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147", "CVE-2021-21143", "CVE-2021-21144", "CVE-2021-21142"], "modified": "2021-02-10T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:chromium", "cpe:/o:fedoraproject:fedora:33"], "id": "FEDORA_2021-05AFA65D39.NASL", "href": "https://www.tenable.com/plugins/nessus/146363", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2021-05afa65d39.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146363);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/16\");\n\n script_cve_id(\"CVE-2021-21142\", \"CVE-2021-21143\", \"CVE-2021-21144\", \"CVE-2021-21145\", \"CVE-2021-21146\", \"CVE-2021-21147\", \"CVE-2021-21148\");\n script_xref(name:\"FEDORA\", value:\"2021-05afa65d39\");\n\n script_name(english:\"Fedora 33 : chromium (2021-05afa65d39)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to 88.0.4324.150. Fixes :\n\nCVE-2021-21142 CVE-2021-21143 CVE-2021-21144 CVE-2021-21145\nCVE-2021-21146 CVE-2021-21147 CVE-2021-21148\n\nPlease keep in mind that this release fixes an actively exploited\n0-day vulnerability.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-05afa65d39\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected chromium package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21148\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 33\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC33\", reference:\"chromium-88.0.4324.150-1.fc33\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-20T10:48:10", "description": "Update to 88.0.4324.150. Fixes :\n\nCVE-2021-21142 CVE-2021-21143 CVE-2021-21144 CVE-2021-21145\nCVE-2021-21146 CVE-2021-21147 CVE-2021-21148\n\nPlease keep in mind that this release fixes an actively exploited\n0-day vulnerability.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 2, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-02-17T00:00:00", "title": "Fedora 32 : chromium (2021-7fb30b9381)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-21148", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147", "CVE-2021-21143", "CVE-2021-21144", "CVE-2021-21142"], "modified": "2021-02-17T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:32", "p-cpe:/a:fedoraproject:fedora:chromium"], "id": "FEDORA_2021-7FB30B9381.NASL", "href": "https://www.tenable.com/plugins/nessus/146559", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2021-7fb30b9381.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146559);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/19\");\n\n script_cve_id(\"CVE-2021-21142\", \"CVE-2021-21143\", \"CVE-2021-21144\", \"CVE-2021-21145\", \"CVE-2021-21146\", \"CVE-2021-21147\", \"CVE-2021-21148\");\n script_xref(name:\"FEDORA\", value:\"2021-7fb30b9381\");\n\n script_name(english:\"Fedora 32 : chromium (2021-7fb30b9381)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to 88.0.4324.150. Fixes :\n\nCVE-2021-21142 CVE-2021-21143 CVE-2021-21144 CVE-2021-21145\nCVE-2021-21146 CVE-2021-21147 CVE-2021-21148\n\nPlease keep in mind that this release fixes an actively exploited\n0-day vulnerability.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-7fb30b9381\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected chromium package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21148\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"chromium-88.0.4324.150-1.fc32\", allowmaj:TRUE)) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromium\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-23T02:08:55", "description": "Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2021-21148\n Mattias Buelens discovered a buffer overflow issue in\n the v8 JavaScript library.\n\n - CVE-2021-21149\n Ryoya Tsukasaki discovered a stack overflow issue in the\n Data Transfer implementation.\n\n - CVE-2021-21150\n Woojin Oh discovered a use-after-free issue in the file\n downloader.\n\n - CVE-2021-21151\n Khalil Zhani discovered a use-after-free issue in the\n payments system.\n\n - CVE-2021-21152\n A buffer overflow was discovered in media handling.\n\n - CVE-2021-21153\n Jan Ruge discovered a stack overflow issue in the GPU\n process.\n\n - CVE-2021-21154\n Abdulrahman Alqabandi discovered a buffer overflow issue\n in the Tab Strip implementation.\n\n - CVE-2021-21155\n Khalil Zhani discovered a buffer overflow issue in the\n Tab Strip implementation.\n\n - CVE-2021-21156\n Sergei Glazunov discovered a buffer overflow issue in\n the v8 JavaScript library.\n\n - CVE-2021-21157\n A use-after-free issue was discovered in the Web Sockets\n implementation.", "edition": 1, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-02-22T00:00:00", "title": "Debian DSA-4858-1 : chromium - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-21148", "CVE-2021-21151", "CVE-2021-21156", "CVE-2021-21155", "CVE-2021-21150", "CVE-2021-21152", "CVE-2021-21154", "CVE-2021-21149", "CVE-2021-21153", "CVE-2021-21157"], "modified": "2021-02-22T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "p-cpe:/a:debian:debian_linux:chromium"], "id": "DEBIAN_DSA-4858.NASL", "href": "https://www.tenable.com/plugins/nessus/146757", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4858. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146757);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/22\");\n\n script_cve_id(\"CVE-2021-21148\", \"CVE-2021-21149\", \"CVE-2021-21150\", \"CVE-2021-21151\", \"CVE-2021-21152\", \"CVE-2021-21153\", \"CVE-2021-21154\", \"CVE-2021-21155\", \"CVE-2021-21156\", \"CVE-2021-21157\");\n script_xref(name:\"DSA\", value:\"4858\");\n\n script_name(english:\"Debian DSA-4858-1 : chromium - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2021-21148\n Mattias Buelens discovered a buffer overflow issue in\n the v8 JavaScript library.\n\n - CVE-2021-21149\n Ryoya Tsukasaki discovered a stack overflow issue in the\n Data Transfer implementation.\n\n - CVE-2021-21150\n Woojin Oh discovered a use-after-free issue in the file\n downloader.\n\n - CVE-2021-21151\n Khalil Zhani discovered a use-after-free issue in the\n payments system.\n\n - CVE-2021-21152\n A buffer overflow was discovered in media handling.\n\n - CVE-2021-21153\n Jan Ruge discovered a stack overflow issue in the GPU\n process.\n\n - CVE-2021-21154\n Abdulrahman Alqabandi discovered a buffer overflow issue\n in the Tab Strip implementation.\n\n - CVE-2021-21155\n Khalil Zhani discovered a buffer overflow issue in the\n Tab Strip implementation.\n\n - CVE-2021-21156\n Sergei Glazunov discovered a buffer overflow issue in\n the v8 JavaScript library.\n\n - CVE-2021-21157\n A use-after-free issue was discovered in the Web Sockets\n implementation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21149\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21150\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21151\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21156\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-21157\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/chromium\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/chromium\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2021/dsa-4858\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the chromium packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 88.0.4324.182-1~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"chromium\", reference:\"88.0.4324.182-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-common\", reference:\"88.0.4324.182-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-driver\", reference:\"88.0.4324.182-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-l10n\", reference:\"88.0.4324.182-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-sandbox\", reference:\"88.0.4324.182-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-shell\", reference:\"88.0.4324.182-1~deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2021-02-12T15:26:38", "bulletinFamily": "unix", "cvelist": ["CVE-2021-21148"], "description": "\nChrome Releases reports:\n\n[1170176] High CVE-2021-21148: Heap buffer overflow in V8.\n\t Reported by Mattias Buelens on 2021-01-24. Google is aware of\n\t reports that an exploit for CVE-2021-21148 exists in the wild.\n\n", "edition": 2, "modified": "2021-02-04T00:00:00", "published": "2021-02-04T00:00:00", "id": "3E01AAD2-680E-11EB-83E2-E09467587C17", "href": "https://vuxml.freebsd.org/freebsd/3e01aad2-680e-11eb-83e2-e09467587c17.html", "title": "chromium -- heap buffer overflow in V8", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "malwarebytes": [{"lastseen": "2021-02-12T13:10:41", "bulletinFamily": "blog", "cvelist": ["CVE-2021-21148"], "description": "A Chrome patch has been issued with an advisory stating that the Stable channel has been updated to 88.0.4324.150 for Windows, Mac and Linux. The only noteworthy thing about this update is a patch for a zero-day vulnerability that has been actively exploited in the wild. But that one looks to be extremely important.\n\n### Which zero-day got patched?\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). This zero-day got listed as [CVE-2021-21148](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-21148>). From the [update announcement](<https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html>) for this Chrome patch we can learn that the patch counters a heap buffer overflow in the V8 JavaScript engine, reported by Mattias Buelens on January 24, 2021.\n\n### What is a heap buffer overflow?\n\nHeap is the name for a region of a process\u2019 memory which is used to store dynamic variables. A buffer overflow is a type of software vulnerability that exists when an area of memory within a software application reaches its address boundary and writes into an adjacent memory region. In software exploit code, two common areas that are targeted for overflows are the stack and the heap.\n\nSo, by creating a specially crafted input, attackers could use this vulnerability to write code into a memory location where they normally wouldn\u2019t have access. Having this attack vector available as a zero-day in a popular browser is a golden opportunity for a watering hole.\n\nWatering holes are used as a targeted attack strategy. The attackers infect a website where they know their intended victim(s) will visit, or lure them to a site of their own making. Depending on the nature of the infection, the attackers can single out their intended target(s) or just infect anyone that visits the site unprotected. The watering hole strategy is a mix of social engineering, hacking, and drive-by infections that requires a high level of knowledge and a well-thought-out strategy.\n\n### How was this vulnerability used in the wild?\n\nBased on the timing of the discovery (January 24) and [this report](<https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/>) by Google\u2019s Threat Analysis Group (TAG) issued on January 26, the general assumption is that the attack was used against security researchers working on vulnerability research and development at different companies and organizations. To connect and gain trust among security researchers, the actors created a research blog and multiple Twitter profiles to interact with potential targets.\n\nOne of the methods the attackers used was to interact with the researchers and get them to follow a link on Twitter to a write-up hosted on a malicious website. Shortly after the visit, a malicious service was installed on the researcher\u2019s system and an in-memory backdoor would begin to communicate with a [command and control (C&C)](<https://blog.malwarebytes.com/glossary/cc/>) server. This sure sounds like something that could be accomplished using a heap buffer overflow in a browser.\n\n### The update\n\nDespite its discovery, this exploit remains useful to cybercriminals. We advise everyone to update and get the latest version of Chrome as soon as possible. \n\nThe easiest way to do it is to allow Chrome to update automatically, which basically uses the same method as outlined below but does not require your attention. But you can end up lagging behind if you never close the browser or if something goes wrong, such as an extension stopping you from updating the browser. \n\nSo, it doesn\u2019t hurt to check now and then. And now would be a good time, given the zero-day vulnerability. My preferred method is to have Chrome open the page [chrome://settings/help](<https://settings/help>) which you can also find by clicking **Settings > About Chrome**.\n\nIf there is an update available, Chrome will notify you and start downloading it. Then it will tell you all you have to do to complete the update is **Relaunch **the browser.\n\n_After the update your version should be at 88.0.4324.150 or later_\n\nStay safe, everyone!\n\nThe post [Update now! Chrome patches zero-day that was exploited in the wild](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/02/update-now-chrome-patches-zero-day-that-was-exploited-in-the-wild/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "modified": "2021-02-05T12:14:04", "published": "2021-02-05T12:14:04", "id": "MALWAREBYTES:AC714CB24C401F36B220E29C6D2B049F", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/02/update-now-chrome-patches-zero-day-that-was-exploited-in-the-wild/", "type": "malwarebytes", "title": "Update now! Chrome patches zero-day that was exploited in the wild", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "thn": [{"lastseen": "2021-02-06T08:40:21", "bulletinFamily": "info", "cvelist": ["CVE-2021-21142", "CVE-2021-21148"], "description": "[](<https://thehackernews.com/images/-qsKUPh_-GYc/YBz2LhQRcgI/AAAAAAAABsU/xp30FnHWlk4M9WwbgZRSXy28jldlk3R2wCLcBGAsYHQ/s0/chrome-zero-day-vulnerability.jpg>)\n\nGoogle has patched a zero-day vulnerability in Chrome web browser for desktop that it says is being actively exploited in the wild.\n\nThe company released [88.0.4324.150](<https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html>) for Windows, Mac, and Linux, with a fix for a heap buffer overflow flaw (CVE-2021-21148) in its V8 JavaScript rendering engine.\n\n\"Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild,\" the company said in a statement.\n\nThe security flaw was reported to Google by Mattias Buelens on January 24.\n\n[](<https://go.thn.li/password-auditor> \"password auditor\" )\n\nPreviously on February 2, Google [addressed six issues in Chrome](<https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html>), including one critical use after free vulnerability in Payments (CVE-2021-21142) and four high severity flaws in Extensions, Tab Groups, Fonts, and Navigation features.\n\nWhile it's typical of Google to limit details of the vulnerability until a majority of users are updated with the fix, the development comes weeks after Google and Microsoft [disclosed](<https://thehackernews.com/2021/01/n-korean-hackers-targeting-security.html>) attacks carried out by North Korean hackers against security researchers with an elaborate social engineering campaign to install a Windows backdoor.\n\nWith some researchers infected simply by visiting a fake research blog on fully patched systems running Windows 10 and Chrome browser, Microsoft, in a report published on January 28, had hinted that the attackers likely leveraged a Chrome zero-day to compromise the systems.\n\nAlthough it's not immediately clear if CVE-2021-21148 was used in these attacks, the timing of the revelations and the fact that Google's advisory came out exactly one day after Buelens reported the issue implies they could be related.\n\nIn a separate technical write-up, South Korean cybersecurity firm ENKI [said](<https://enki.co.kr/blog/2021/02/04/ie_0day.html>) the North Korean state-sponsored hacking group known as Lazarus made an unsuccessful attempt at targeting its security researchers with malicious MHTML files that, when opened, downloaded two payloads from a remote server, one of which contained a zero-day against Internet Explorer.\n\n\"The secondary payload contains the attack code that attacks the vulnerability of the Internet Explorer browser,\" ENKI researchers said.\n\nIt's worth noting that Google last year [fixed five Chrome zero-days](<https://thehackernews.com/2020/11/two-new-chrome-0-days-under-active.html>) that were actively exploited in the wild in a span of one month between October 20 and November 12.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "modified": "2021-02-06T07:03:40", "published": "2021-02-05T07:40:00", "id": "THN:2E0F12E8B4294632DF7D326E9360976B", "href": "https://thehackernews.com/2021/02/new-chrome-browser-0-day-under-active.html", "type": "thn", "title": "New Chrome Browser 0-day Under Active Attack\u2014Update Immediately!", "cvss": {"score": 0.0, "vector": "NONE"}}], "threatpost": [{"lastseen": "2021-02-05T15:56:30", "bulletinFamily": "info", "cvelist": ["CVE-2020-15995", "CVE-2021-21148"], "description": "Google is warning of a zero-day vulnerability in its V8 open-source web engine that\u2019s being actively exploited by attackers.\n\nA patch has been issued in version 88 of Google\u2019s Chrome browser \u2014 specifically, version 88.0.4324.150 for Windows, Mac and Linux. This update will roll out over the coming days and weeks, said Google. The flaw ([CVE-2021-21148](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-21148>)) stems from a heap-buffer overflow, said Google.\n\n\u201cGoogle is aware of reports that an exploit for CVE-2021-21148 exists in the wild,\u201d according to [Google\u2019s Thursday security update](<https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html>).\n\n## **What is a Heap-Buffer Overflow Security Flaw?**\n\nA heap-buffer overflow flaw as its name suggests, is a type of [buffer-overflow error.](<https://cwe.mitre.org/data/definitions/122.html>) This is a class of vulnerability where the region of a process\u2019 memory used to store dynamic variables (the heap) can be overwhelmed. If a buffer-overflow occurs, it typically causes the affected program to behave incorrectly, [according to researchers with Imperva](<https://www.imperva.com/learn/application-security/buffer-overflow/>) \u2013 causing memory access errors and crashes \u2014 and opening the door to remote code execution.\n\nHowever, beyond classifying the flaw as a heap-buffer overflow, Google did not specify the potential impact of this vulnerability. In fact, details of the bug overall (including how it can be exploited) remain scant while Google works to push out the fixes.\n\n\u201cAccess to bug details and links may be kept restricted until a majority of users are updated with a fix,\u201d said Google. \u201cWe will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven\u2019t yet fixed.\u201d\n\n## **What is the V8 JavaScript Engine?**\n\nThe heap-buffer overflow error exists in V8, an open-source WebAssembly and JavaScript engine developed by the Chromium Project for Google Chrome and Chromium web browsers. V8, which is written in C++, can run stand-alone, or can be embedded into any C++ application.\n\nBugs have previously been discovered (and exploited) in V8, including a flaw in November that was high-severity and tied to active exploits. That flaw [was only described as](<https://threatpost.com/chrome-holes-actively-targeted/160890/>) an \u201cinappropriate implementation in V8.\u201d** **\n\n## **Security Researchers: Targets for Chrome Zero-Day Exploits?**\n\nWhile Google didn\u2019t provide further details of the attackers exploiting the flaw, researchers with Malwarebytes on Friday made a \u201cgeneral assumption\u201d that the attack \u201cwas used against security researchers working on vulnerability research and development at different companies and organizations.\u201d\n\nThey pointed to the timing of when the vulnerability was reported to Google by Mattias Buelens (Jan. 24) and when a report released by Google\u2019s Threat Analysis Group (Jan. 26). That report [by Google researchers](<https://threatpost.com/north-korea-security-researchers-0-day/163333/>) revealed that hackers linked to [North Korea](<https://threatpost.com/north-korea-spy-reporters-feds-warn/160622/>) were targeting security researchers with an elaborate social-engineering campaign that set up trusted relationships with them \u2014 and then infected their organizations\u2019 systems with custom backdoor malware.\n\n\u201cOne of the methods the attackers used was to interact with the researchers and get them to follow a link on Twitter to a write-up hosted on a malicious website,\u201d said [researchers with Malwarebytes](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/02/update-now-chrome-patches-zero-day-that-was-exploited-in-the-wild/>). \u201cShortly after the visit, a malicious service was installed on the researcher\u2019s system and an in-memory backdoor would begin to communicate with a command and control (C&C) server. This sure sounds like something that could be accomplished using a heap buffer overflow in a browser.\u201d\n\nHowever, Google has not confirmed any correlation with this attack.\n\n## **Google Chrome Browser: How to Update**\n\nResearchers urge Google Chrome users to update as soon as possible. Chrome will in many cases update to its newest version automatically, however security experts suggest that users double check that this has happened. To check if an update is available:\n\n * Google Chrome users can go to chrome://settings/help by clicking Settings > About Chrome\n * If an update is available Chrome will notify users and then start the download process\n * Users can then relaunch the browser to complete the update\n\n## ** ****Google Chrome Cybersecurity Flaws Continue **\n\nThe flaw is only the latest security issue in Google Chrome in recent months. In January, the Cybersecurity and Infrastructure Security Agency (CISA) [urged Windows, macOS and Linux users](<https://threatpost.com/firefox-chrome-edge-bugs-system-hijacking/162873/>) of Google\u2019s Chrome browser to patch an out-of-bounds write bug (CVE-2020-15995) impacting the current 87.0.4280.141 version of the software.\n\nAnd in December, Google updated Chrome to fix four bugs with a severity rating of \u201chigh\u201d and eight overall. [Three were use-after-free flaws](<https://threatpost.com/google_chrome_bugs_patched/161907/>), which could allow an adversary to generate an error in the browser\u2019s memory, opening the door to a browser hack and host computer compromise.\n\n**Download our exclusive **[**FREE Threatpost Insider eBook**](<https://threatpost.com/ebooks/healthcare-security-woes-balloon-in-a-covid-era-world/?utm_source=FEATURE&utm_medium=FEATURE&utm_campaign=Nov_eBook>) _**Healthcare Security Woes Balloon in a Covid-Era World**_**, sponsored by ZeroNorth, to learn more about what these security risks mean for hospitals at the day-to-day level and how healthcare security teams can implement best practices to protect providers and patients. Get the whole story and **[**DOWNLOAD the eBook now**](<https://threatpost.com/ebooks/healthcare-security-woes-balloon-in-a-covid-era-world/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_eBook>)** \u2013 on us!**\n\nWrite a comment\n\n**Share this article:**\n\n * [Hacks](<https://threatpost.com/category/hacks/>)\n * [Vulnerabilities](<https://threatpost.com/category/vulnerabilities/>)\n * [Web Security](<https://threatpost.com/category/web-security/>)\n", "modified": "2021-02-05T15:47:55", "published": "2021-02-05T15:47:55", "id": "THREATPOST:398E85215A3E7B7329EE3FED8F6374FF", "href": "https://threatpost.com/google-chrome-zero-day-windows-mac/163688/", "type": "threatpost", "title": "Google Chrome Zero-Day Afflicts Windows, Mac Users", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "krebs": [{"lastseen": "2021-02-10T00:29:38", "bulletinFamily": "blog", "cvelist": ["CVE-2020-1472", "CVE-2021-1732", "CVE-2021-21148", "CVE-2021-24078"], "description": "**Microsoft** today rolled out updates to plug at least 56 security holes in its **Windows** operating systems and other software. One of the bugs is already being actively exploited, and six of them were publicized prior to today, potentially giving attackers a head start in figuring out how to exploit the flaws.\n\n\n\nNine of the 56 vulnerabilities earned Microsoft's most urgent "critical" rating, meaning malware or miscreants could use them to seize remote control over unpatched systems with little or no help from users.\n\nThe flaw being exploited in the wild already -- [CVE-2021-1732](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1732>) -- affects Windows 10, Server 2016 and later editions. It received a slightly less dire "important" rating and mainly because it is a vulnerability that lets an attacker increase their authority and control on a device, which means the attacker needs to already have access to the target system.\n\nTwo of the other bugs that were disclosed prior to this week are critical and reside in **Microsoft's .NET Framework**, a component required by many third-party applications (most Windows users will have some version of .NET installed).\n\nWindows 10 users should note that while the operating system installs all monthly patch roll-ups in one go, that rollup does not typically include .NET updates, which are installed on their own. So when you've backed up your system and installed this month's patches, you may want to check Windows Update again to see if there are any .NET updates pending.\n\nA key concern for enterprises is another critical bug in the DNS server on Windows Server 2008 through 2019 versions that could be used to remotely install software of the attacker's choice. [CVE-2021-24078](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24078>) earned [a CVSS Score](<https://nvd.nist.gov/vuln-metrics/cvss>) of 9.8, which is about as dangerous as they come.\n\n**Recorded Future** says this vulnerability can be exploited remotely by getting a vulnerable DNS server to query for a domain it has not seen before (e.g. by sending a phishing email with a link to a new domain or even with images embedded that call out to a new domain). **Kevin Breen** of **Immersive Labs** notes that CVE-2021-24078 could let an attacker steal loads of data by altering the destination for an organization's web traffic -- such as pointing internal appliances or Outlook email access at a malicious server.\n\nWindows Server users also should be aware that Microsoft this month is enforcing the second round of security improvements as part of a two-phase update to address [CVE-2020-1472](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472>), a severe vulnerability that [first saw active exploitation back in September 2020](<https://krebsonsecurity.com/2020/09/microsoft-attackers-exploiting-zerologon-windows-flaw/>).\n\nThe vulnerability, dubbed "**Zerologon**," is a bug in the core "**Netlogon**" component of Windows Server devices. The flaw lets an unauthenticated attacker gain administrative access to a Windows domain controller and run any application at will. A domain controller is a server that responds to security authentication requests in a Windows environment, and a compromised domain controller can give attackers the keys to the kingdom inside a corporate network.\n\nMicrosoft's [initial patch for CVE-2020-1472](<https://krebsonsecurity.com/2020/08/microsoft-patch-tuesday-august-2020-edition/>) fixed the flaw on Windows Server systems, but did nothing to stop unsupported or third-party devices from talking to domain controllers using the insecure Netlogon communications method. Microsoft said it chose this two-step approach "to ensure vendors of non-compliant implementations can provide customers with updates." With this month's patches, Microsoft will begin rejecting insecure Netlogon attempts from non-Windows devices.\n\nA couple of other, non-Windows security updates are worth mentioning. Adobe today [released updates to fix at least 50 security holes in a range of products](<https://blogs.adobe.com/psirt/?p=1965>), including Photoshop and Reader. The Acrobat/Reader update tackles a critical zero-day flaw that [Adobe says](<https://helpx.adobe.com/security/products/acrobat/apsb21-09.html>) is actively being exploited in the wild against Windows users, so if you have Adobe Acrobat or Reader installed, please make sure these programs are kept up to date.\n\nThere is also a zero-day flaw in **Google's Chrome Web browser** (CVE-2021-21148) that is seeing active attacks. Chrome downloads security updates automatically, but users still need to restart the browser for the updates to fully take effect. If you're a Chrome user and notice a red "update" prompt to the right of the address bar, it's time to save your work and restart the browser.\n\nStandard reminder: While staying up-to-date on Windows patches is a must, it\u2019s important to make sure you\u2019re updating only after you\u2019ve backed up your important data and files. A reliable backup means you\u2019re less likely to pull your hair out when the odd buggy patch causes problems booting the system.\n\nSo do yourself a favor and backup your files before installing any patches. Windows 10 even has [some built-in tools](<https://lifehacker.com/how-to-back-up-your-computer-automatically-with-windows-1762867473>) to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.\n\nKeep in mind that Windows 10 by default will automatically download and install updates on its own schedule. If you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches, [see this guide](<https://www.computerworld.com/article/3543189/check-to-make-sure-you-have-windows-updates-paused.html>).\n\nAnd as always, if you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there\u2019s a better-than-even chance other readers have experienced the same and may chime in here with some helpful tips.", "modified": "2021-02-09T22:37:19", "published": "2021-02-09T22:37:19", "id": "KREBS:1BEFD58F5124A2E4CA40BD9C1B49B9B7", "href": "https://krebsonsecurity.com/2021/02/microsoft-patch-tuesday-february-2021-edition/", "type": "krebs", "title": "Microsoft Patch Tuesday, February 2021 Edition", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2021-02-12T14:36:06", "bulletinFamily": "unix", "cvelist": ["CVE-2021-21142", "CVE-2021-21143", "CVE-2021-21144", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147", "CVE-2021-21148"], "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "modified": "2021-02-10T01:20:58", "published": "2021-02-10T01:20:58", "id": "FEDORA:BB03930B3A56", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: chromium-88.0.4324.150-1.fc33", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-17T09:09:49", "bulletinFamily": "unix", "cvelist": ["CVE-2021-21142", "CVE-2021-21143", "CVE-2021-21144", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147", "CVE-2021-21148"], "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "modified": "2021-02-17T05:09:44", "published": "2021-02-17T05:09:44", "id": "FEDORA:4E16930B130B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: chromium-88.0.4324.150-1.fc32", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2021-02-12T13:10:45", "bulletinFamily": "unix", "cvelist": ["CVE-2021-21142", "CVE-2021-21143", "CVE-2021-21144", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147", "CVE-2021-21148"], "description": "Arch Linux Security Advisory ASA-202102-6\n=========================================\n\nSeverity: Critical\nDate : 2021-02-06\nCVE-ID : CVE-2021-21142 CVE-2021-21143 CVE-2021-21144 CVE-2021-21145\nCVE-2021-21146 CVE-2021-21147 CVE-2021-21148\nPackage : chromium\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1525\n\nSummary\n=======\n\nThe package chromium before version 88.0.4324.150-1 is vulnerable to\nmultiple issues including arbitrary code execution and incorrect\ncalculation.\n\nResolution\n==========\n\nUpgrade to 88.0.4324.150-1.\n\n# pacman -Syu \"chromium>=88.0.4324.150-1\"\n\nThe problems have been fixed upstream in version 88.0.4324.150.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-21142 (arbitrary code execution)\n\nA use after free security issue was found in the Payments component of\nthe Chromium browser before version 88.0.4324.146.\n\n- CVE-2021-21143 (arbitrary code execution)\n\nA heap buffer overflow security issue was found in the Extensions\ncomponent of the Chromium browser before version 88.0.4324.146.\n\n- CVE-2021-21144 (arbitrary code execution)\n\nA heap buffer overflow security issue was found in the Tab Groups\ncomponent of the Chromium browser before version 88.0.4324.146.\n\n- CVE-2021-21145 (arbitrary code execution)\n\nA use after free security issue was found in the Fonts component of the\nChromium browser before version 88.0.4324.146.\n\n- CVE-2021-21146 (arbitrary code execution)\n\nA use after free security issue was found in the Navigation component\nof the Chromium browser before version 88.0.4324.146.\n\n- CVE-2021-21147 (incorrect calculation)\n\nAn inappropriate implementation security issue was found in the Skia\ncomponent of the Chromium browser before version 88.0.4324.146.\n\n- CVE-2021-21148 (arbitrary code execution)\n\nA heap buffer overflow security issue was found in the V8 component of\nthe Chromium browser before version 88.0.4324.150.\n\nImpact\n======\n\nA remote attacker might be able to bypass security measures or execute\narbitrary code.\n\nReferences\n==========\n\nhttps://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html\nhttps://crbug.com/1169317\nhttps://crbug.com/1163504\nhttps://crbug.com/1163845\nhttps://crbug.com/1154965\nhttps://crbug.com/1161705\nhttps://crbug.com/1162942\nhttps://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html\nhttps://crbug.com/1170176\nhttps://security.archlinux.org/CVE-2021-21142\nhttps://security.archlinux.org/CVE-2021-21143\nhttps://security.archlinux.org/CVE-2021-21144\nhttps://security.archlinux.org/CVE-2021-21145\nhttps://security.archlinux.org/CVE-2021-21146\nhttps://security.archlinux.org/CVE-2021-21147\nhttps://security.archlinux.org/CVE-2021-21148", "modified": "2021-02-06T00:00:00", "published": "2021-02-06T00:00:00", "id": "ASA-202102-6", "href": "https://security.archlinux.org/ASA-202102-6", "type": "archlinux", "title": "[ASA-202102-6] chromium: multiple issues", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-12T13:10:45", "bulletinFamily": "unix", "cvelist": ["CVE-2020-16044", "CVE-2021-21117", "CVE-2021-21118", "CVE-2021-21119", "CVE-2021-21120", "CVE-2021-21121", "CVE-2021-21122", "CVE-2021-21123", "CVE-2021-21124", "CVE-2021-21125", "CVE-2021-21126", "CVE-2021-21127", "CVE-2021-21128", "CVE-2021-21129", "CVE-2021-21130", "CVE-2021-21131", "CVE-2021-21132", "CVE-2021-21133", "CVE-2021-21134", "CVE-2021-21135", "CVE-2021-21136", "CVE-2021-21137", "CVE-2021-21138", "CVE-2021-21139", "CVE-2021-21140", "CVE-2021-21141", "CVE-2021-21142", "CVE-2021-21143", "CVE-2021-21144", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147", "CVE-2021-21148"], "description": "Arch Linux Security Advisory ASA-202102-4\n=========================================\n\nSeverity: Critical\nDate : 2021-02-06\nCVE-ID : CVE-2020-16044 CVE-2021-21117 CVE-2021-21118 CVE-2021-21119\nCVE-2021-21120 CVE-2021-21121 CVE-2021-21122 CVE-2021-21123\nCVE-2021-21124 CVE-2021-21125 CVE-2021-21126 CVE-2021-21127\nCVE-2021-21128 CVE-2021-21129 CVE-2021-21130 CVE-2021-21131\nCVE-2021-21132 CVE-2021-21133 CVE-2021-21134 CVE-2021-21135\nCVE-2021-21136 CVE-2021-21137 CVE-2021-21138 CVE-2021-21139\nCVE-2021-21140 CVE-2021-21141 CVE-2021-21142 CVE-2021-21143\nCVE-2021-21144 CVE-2021-21145 CVE-2021-21146 CVE-2021-21147\nCVE-2021-21148\nPackage : vivaldi\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1478\n\nSummary\n=======\n\nThe package vivaldi before version 3.6.2165.36-1 is vulnerable to\nmultiple issues including arbitrary code execution, insufficient\nvalidation, content spoofing and incorrect calculation.\n\nResolution\n==========\n\nUpgrade to 3.6.2165.36-1.\n\n# pacman -Syu \"vivaldi>=3.6.2165.36-1\"\n\nThe problems have been fixed upstream in version 3.6.2165.36.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2020-16044 (arbitrary code execution)\n\nA security issue was found in Firefox before 84.0.2, Thunderbird before\n78.6.1 and Chromium before 88.0.4324.96. A malicious peer could have\nmodified a COOKIE-ECHO chunk in an SCTP packet in a way that\npotentially resulted in a use-after-free. Mozilla presumes that with\nenough effort it could have been exploited to run arbitrary code.\n\n- CVE-2021-21117 (insufficient validation)\n\nAn insufficient policy enforcement security issue was found in the\nCryptohome component of the Chromium browser before version\n88.0.4324.96.\n\n- CVE-2021-21118 (insufficient validation)\n\nAn insufficient data validation security issue was found in the V8\ncomponent of the Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21119 (arbitrary code execution)\n\nA use after free security issue was found in the Media component of the\nChromium browser before version 88.0.4324.96.\n\n- CVE-2021-21120 (arbitrary code execution)\n\nA use after free security issue was found in the WebSQL component of\nthe Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21121 (arbitrary code execution)\n\nA use after free security issue was found in the Omnibox component of\nthe Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21122 (arbitrary code execution)\n\nA use after free security issue was found in the Blink component of the\nChromium browser before version 88.0.4324.96.\n\n- CVE-2021-21123 (insufficient validation)\n\nAn insufficient data validation security issue was found in the File\nSystem component of the Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21124 (arbitrary code execution)\n\nA potential use after free security issue was found in the Speech\nRecognizer component of the Chromium browser before version\n88.0.4324.96.\n\n- CVE-2021-21125 (insufficient validation)\n\nAn insufficient policy enforcement security issue was found in the File\nSystem API component of the Chromium browser before version\n88.0.4324.96.\n\n- CVE-2021-21126 (insufficient validation)\n\nAn insufficient policy enforcement security issue was found in the\nextensions component of the Chromium browser before version\n88.0.4324.96.\n\n- CVE-2021-21127 (insufficient validation)\n\nAn insufficient policy enforcement security issue was found in the\nextensions component of the Chromium browser before version\n88.0.4324.96.\n\n- CVE-2021-21128 (arbitrary code execution)\n\nA heap buffer overflow security issue was found in the Blink component\nof the Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21129 (insufficient validation)\n\nAn insufficient policy enforcement security issue was found in the File\nSystem API component of the Chromium browser before version\n88.0.4324.96.\n\n- CVE-2021-21130 (insufficient validation)\n\nAn insufficient policy enforcement security issue was found in the File\nSystem API component of the Chromium browser before version\n88.0.4324.96.\n\n- CVE-2021-21131 (insufficient validation)\n\nAn insufficient policy enforcement security issue was found in the File\nSystem API component of the Chromium browser before version\n88.0.4324.96.\n\n- CVE-2021-21132 (incorrect calculation)\n\nAn inappropriate implementation security issue was found in the\nDevTools component of the Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21133 (insufficient validation)\n\nAn insufficient policy enforcement security issue was found in the\nDownloads component of the Chromium browser before version\n88.0.4324.96.\n\n- CVE-2021-21134 (content spoofing)\n\nAn incorrect security UI security issue was found in the Page Info\ncomponent of the Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21135 (incorrect calculation)\n\nAn inappropriate implementation security issue was found in the\nPerformance API component of the Chromium browser before version\n88.0.4324.96.\n\n- CVE-2021-21136 (insufficient validation)\n\nAn insufficient policy enforcement security issue was found in the\nWebView component of the Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21137 (incorrect calculation)\n\nAn inappropriate implementation security issue was found in the\nDevTools component of the Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21138 (arbitrary code execution)\n\nA use after free security issue was found in the DevTools component of\nthe Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21139 (incorrect calculation)\n\nAn inappropriate implementation security issue was found in the iframe\nsandbox component of the Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21140 (arbitrary code execution)\n\nAn uninitialized use security issue was found in the USB component of\nthe Chromium browser before version 88.0.4324.96.\n\n- CVE-2021-21141 (insufficient validation)\n\nAn insufficient policy enforcement security issue was found in the File\nSystem API component of the Chromium browser before version\n88.0.4324.96.\n\n- CVE-2021-21142 (arbitrary code execution)\n\nA use after free security issue was found in the Payments component of\nthe Chromium browser before version 88.0.4324.146.\n\n- CVE-2021-21143 (arbitrary code execution)\n\nA heap buffer overflow security issue was found in the Extensions\ncomponent of the Chromium browser before version 88.0.4324.146.\n\n- CVE-2021-21144 (arbitrary code execution)\n\nA heap buffer overflow security issue was found in the Tab Groups\ncomponent of the Chromium browser before version 88.0.4324.146.\n\n- CVE-2021-21145 (arbitrary code execution)\n\nA use after free security issue was found in the Fonts component of the\nChromium browser before version 88.0.4324.146.\n\n- CVE-2021-21146 (arbitrary code execution)\n\nA use after free security issue was found in the Navigation component\nof the Chromium browser before version 88.0.4324.146.\n\n- CVE-2021-21147 (incorrect calculation)\n\nAn inappropriate implementation security issue was found in the Skia\ncomponent of the Chromium browser before version 88.0.4324.146.\n\n- CVE-2021-21148 (arbitrary code execution)\n\nA heap buffer overflow security issue was found in the V8 component of\nthe Chromium browser before version 88.0.4324.150.\n\nImpact\n======\n\nA remote attacker might be able to bypass security measures, trick the\nuser into performing unwanted actions or execute arbitrary code.\n\nReferences\n==========\n\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-01/#CVE-2020-16044\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1683964\nhttps://hg.mozilla.org/mozilla-central/rev/08ba03dc8d4420e04e7c77fee3013e68180e6ead\nhttps://hg.mozilla.org/mozilla-central/rev/8c09f4813fc7e8f44605b6092262199bff15cdd7\nhttps://hg.mozilla.org/mozilla-central/rev/5991645a87d2abf289686d09d943229c9e3e54b5\nhttps://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html\nhttps://crbug.com/1137179\nhttps://crbug.com/1161357\nhttps://crbug.com/1160534\nhttps://crbug.com/1160602\nhttps://crbug.com/1161143\nhttps://crbug.com/1162131\nhttps://crbug.com/1137247\nhttps://crbug.com/1131346\nhttps://crbug.com/1152327\nhttps://crbug.com/1108126\nhttps://crbug.com/1115590\nhttps://crbug.com/1138877\nhttps://crbug.com/1140403\nhttps://crbug.com/1140410\nhttps://crbug.com/1140417\nhttps://crbug.com/1128206\nhttps://crbug.com/1157743\nhttps://crbug.com/1157800\nhttps://crbug.com/1157818\nhttps://crbug.com/1038002\nhttps://crbug.com/1093791\nhttps://crbug.com/1122487\nhttps://crbug.com/937131\nhttps://crbug.com/1136327\nhttps://crbug.com/1140435\nhttps://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html\nhttps://crbug.com/1169317\nhttps://crbug.com/1163504\nhttps://crbug.com/1163845\nhttps://crbug.com/1154965\nhttps://crbug.com/1161705\nhttps://crbug.com/1162942\nhttps://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html\nhttps://crbug.com/1170176\nhttps://security.archlinux.org/CVE-2020-16044\nhttps://security.archlinux.org/CVE-2021-21117\nhttps://security.archlinux.org/CVE-2021-21118\nhttps://security.archlinux.org/CVE-2021-21119\nhttps://security.archlinux.org/CVE-2021-21120\nhttps://security.archlinux.org/CVE-2021-21121\nhttps://security.archlinux.org/CVE-2021-21122\nhttps://security.archlinux.org/CVE-2021-21123\nhttps://security.archlinux.org/CVE-2021-21124\nhttps://security.archlinux.org/CVE-2021-21125\nhttps://security.archlinux.org/CVE-2021-21126\nhttps://security.archlinux.org/CVE-2021-21127\nhttps://security.archlinux.org/CVE-2021-21128\nhttps://security.archlinux.org/CVE-2021-21129\nhttps://security.archlinux.org/CVE-2021-21130\nhttps://security.archlinux.org/CVE-2021-21131\nhttps://security.archlinux.org/CVE-2021-21132\nhttps://security.archlinux.org/CVE-2021-21133\nhttps://security.archlinux.org/CVE-2021-21134\nhttps://security.archlinux.org/CVE-2021-21135\nhttps://security.archlinux.org/CVE-2021-21136\nhttps://security.archlinux.org/CVE-2021-21137\nhttps://security.archlinux.org/CVE-2021-21138\nhttps://security.archlinux.org/CVE-2021-21139\nhttps://security.archlinux.org/CVE-2021-21140\nhttps://security.archlinux.org/CVE-2021-21141\nhttps://security.archlinux.org/CVE-2021-21142\nhttps://security.archlinux.org/CVE-2021-21143\nhttps://security.archlinux.org/CVE-2021-21144\nhttps://security.archlinux.org/CVE-2021-21145\nhttps://security.archlinux.org/CVE-2021-21146\nhttps://security.archlinux.org/CVE-2021-21147\nhttps://security.archlinux.org/CVE-2021-21148", "modified": "2021-02-06T00:00:00", "published": "2021-02-06T00:00:00", "id": "ASA-202102-4", "href": "https://security.archlinux.org/ASA-202102-4", "type": "archlinux", "title": "[ASA-202102-4] vivaldi: multiple issues", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2021-02-20T13:30:04", "bulletinFamily": "unix", "cvelist": ["CVE-2021-21148", "CVE-2021-21151", "CVE-2021-21156", "CVE-2021-21155", "CVE-2021-21150", "CVE-2021-21152", "CVE-2021-21154", "CVE-2021-21149", "CVE-2021-21153", "CVE-2021-21157"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4858-1 security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nFebruary 19, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2021-21148 CVE-2021-21149 CVE-2021-21150 CVE-2021-21151\n CVE-2021-21152 CVE-2021-21153 CVE-2021-21154 CVE-2021-21155\n CVE-2021-21156 CVE-2021-21157\n\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2021-21148\n\n Mattias Buelens discovered a buffer overflow issue in the v8 javascript\n library.\n\nCVE-2021-21149\n\n Ryoya Tsukasaki discovered a stack overflow issue in the Data Transfer\n implementation.\n\nCVE-2021-21150\n\n Woojin Oh discovered a use-after-free issue in the file downloader.\n\nCVE-2021-21151\n\n Khalil Zhani discovered a use-after-free issue in the payments system.\n\nCVE-2021-21152\n\n A buffer overflow was discovered in media handling.\n\nCVE-2021-21153\n\n Jan Ruge discovered a stack overflow issue in the GPU process.\n\nCVE-2021-21154\n\n Abdulrahman Alqabandi discovered a buffer overflow issue in the Tab Strip\n implementation.\n\nCVE-2021-21155\n\n Khalil Zhani discovered a buffer overflow issue in the Tab Strip\n implementation.\n\nCVE-2021-21156\n\n Sergei Glazunov discovered a buffer overflow issue in the v8 javascript\n library.\n\nCVE-2021-21157\n\n A use-after-free issue was discovered in the Web Sockets implementation.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 88.0.4324.182-1~deb10u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "modified": "2021-02-20T02:30:21", "published": "2021-02-20T02:30:21", "id": "DEBIAN:DSA-4858-1:7131E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2021/msg00039.html", "title": "[SECURITY] [DSA 4858-1] chromium security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "rapid7blog": [{"lastseen": "2021-02-10T00:48:57", "bulletinFamily": "info", "cvelist": ["CVE-2020-1472", "CVE-2021-1639", "CVE-2021-1698", "CVE-2021-1721", "CVE-2021-1722", "CVE-2021-1724", "CVE-2021-1726", "CVE-2021-1727", "CVE-2021-1728", "CVE-2021-1730", "CVE-2021-1731", "CVE-2021-1732", "CVE-2021-1733", "CVE-2021-1734", "CVE-2021-21017", "CVE-2021-21142", "CVE-2021-21143", "CVE-2021-21144", "CVE-2021-21145", "CVE-2021-21146", "CVE-2021-21147", "CVE-2021-21148", "CVE-2021-24066", "CVE-2021-24067", "CVE-2021-24068", "CVE-2021-24069", "CVE-2021-24070", "CVE-2021-24071", "CVE-2021-24072", "CVE-2021-24073", "CVE-2021-24074", "CVE-2021-24075", "CVE-2021-24076", "CVE-2021-24077", "CVE-2021-24078", "CVE-2021-24079", "CVE-2021-24080", "CVE-2021-24081", "CVE-2021-24082", "CVE-2021-24083", "CVE-2021-24084", "CVE-2021-24085", "CVE-2021-24086", "CVE-2021-24087", "CVE-2021-24088", "CVE-2021-24091", "CVE-2021-24092", "CVE-2021-24093", "CVE-2021-24094", "CVE-2021-24096", "CVE-2021-24098", "CVE-2021-24099", "CVE-2021-24100", "CVE-2021-24101", "CVE-2021-24102", "CVE-2021-24103", "CVE-2021-24105", "CVE-2021-24106", "CVE-2021-24109", "CVE-2021-24111", "CVE-2021-24112", "CVE-2021-24113", "CVE-2021-24114", "CVE-2021-25195", "CVE-2021-26700", "CVE-2021-26701"], "description": "\n\nThe second Patch Tuesday of 2021 is relatively light on the vulnerability count, with 64 CVEs being addressed across the majority of Microsoft\u2019s product families. Despite that, there\u2019s still plenty to discuss this month.\n\n### Vulnerability Breakdown by Software Family\n\nFamily | Vulnerability Count \n---|--- \nWindows | 28 \nESU | 14 \nMicrosoft Office | 11 \nBrowser | 9 \nDeveloper Tools | 8 \nMicrosoft Dynamics | 2 \nExchange Server | 2 \nAzure | 2 \nSystem Center | 2 \n \n### Exploited and Publicly Disclosed Vulnerabilities\n\nOne zero-day was announced: [CVE-2021-1732](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1732>) is a privilege elevation vulnerability affecting the Win32k component of Windows 10 and Windows Server 2019, reported to be exploited in the wild. Four vulnerabilities have been previously disclosed: [CVE-2021-1727](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1727>), a privilege elevation vulnerability in Windows Installer, affecting all supported versions of Windows; [CVE-2021-24098](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24098>), which is a denial of service (DoS) affecting Windows 10 and Server 2019; [CVE-2021-24106](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24106>), an information disclosure vulnerability affecting DirectX in Windows 10 and Server 2019; and [CVE-2021-26701](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26701>), an RCE in .NET Core.\n\n### Vulnerabilities in Windows TCP/IP\n\nMicrosoft also disclosed a set of [three serious vulnerabilities](<https://msrc-blog.microsoft.com/2021/02/09/multiple-security-updates-affecting-tcp-ip/>) affecting the TCP/IP networking stack in all supported versions of Windows. Two of these ([CVE-2021-24074](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24074>) and [CVE-2021-24094](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24094>)) carry a base CVSSv3 score of 9.8 and could allow Remote Code Execution (RCE). [CVE-2021-24094](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24094>) is specific to IPv6 link-local addresses, meaning it isn\u2019t exploitable over the public internet. [CVE-2021-24074](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24074>), however, does not have this limitation. The third, [CVE-2021-24086](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24086>), is a DoS vulnerability that could allow an attacker to trigger a \u201cblue screen of death\u201d on any Windows system that is directly exposed to the internet, using only a small amount of network traffic. The RCE exploits are probably not a threat in the short term, due to the complexity of the vulnerabilities, but DoS attacks are expected to be seen much more quickly. Windows systems should be patched as soon as possible to protect against these.\n\nIn the event a patch cannot be applied immediately, such as on systems that cannot be rebooted, Microsoft has published mitigation guidance that will protect against exploitation of the TCP/IP vulnerabilities. Depending on the exposure of an asset, IPv4 Source Routing should be disabled via a Group Policy or a Netsh command, and IPv6 packet reassembly should be disabled via a separate Netsh command. IPv4 Source Routing requests and IPv6 fragments can also be blocked load balancers, firewalls, or other edge devices to mitigate these issues.\n\n### Zerologon Update\n\nBack in August, 2020, Microsoft addressed a critical remote code vulnerability (CVE-2020-1472) affecting the Netlogon protocol (MS-NRPC), a.k.a. \u201c[Zerologon](<https://blog.rapid7.com/2020/09/14/cve-2020-1472-zerologon-critical-privilege-escalation/>)\u201d. In October, Microsoft [noted](<https://msrc-blog.microsoft.com/2020/10/29/attacks-exploiting-netlogon-vulnerability-cve-2020-1472/>) that attacks which exploit this weakness have been seen in the wild. On January 14, 2021, they [reminded](<https://msrc-blog.microsoft.com/2021/01/14/netlogon-domain-controller-enforcement-mode-is-enabled-by-default-beginning-with-the-february-9-2021-security-update-related-to-cve-2020-1472/>) organizations that the February 2021 security update bundle will also be enabling \u201cDomain Controller enforcement mode\" by default to fully address this weakness. Any system that tries to make an insecure Netlogon connection will be denied access. Any business-critical process that relies on these insecure connections will cease to function. Rapid7 encourages all organizations to [heed the detailed guidance](<https://support.microsoft.com/en-us/topic/how-to-manage-the-changes-in-netlogon-secure-channel-connections-associated-with-cve-2020-1472-f7e8cc17-0309-1d6a-304e-5ba73cd1a11e#bkmk_detectingnon_compliant>) before applying the latest updates to ensure continued business process continuity.\n\n### Adobe\n\nMost important amongst the [six security advisories](<https://helpx.adobe.com/security.html>) published by Adobe today is [APSB21-09](<https://helpx.adobe.com/security/products/acrobat/apsb21-09.html>), detailing 23 CVEs affecting Adobe Acrobat and Reader. Six of these are rated Critical and allow Arbitrary Code Execution, and one of which (CVE-2021-21017), has been seen exploited in the wild in attacks targeting Adobe Reader users on Windows.\n\n### Summary Tables\n\n#### Azure Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed | CVSSv3 Base Score | FAQ? \n---|---|---|---|---|--- \n[CVE-2021-24109](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24109>) | Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability | No | No | 6.8 | Yes \n[CVE-2021-24087](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24087>) | Azure IoT CLI extension Elevation of Privilege Vulnerability | No | No | 7 | Yes \n \n#### Browser Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed | CVSSv3 Base Score | FAQ? \n---|---|---|---|---|--- \n[CVE-2021-24100](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24100>) | Microsoft Edge for Android Information Disclosure Vulnerability | No | No | 5 | Yes \n[CVE-2021-24113](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24113>) | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | No | No | 4.6 | Yes \n[CVE-2021-21148](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21148>) | Chromium CVE-2021-21148: Heap buffer overflow in V8 | N/A | N/A | nan | Yes \n[CVE-2021-21147](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21147>) | Chromium CVE-2021-21147: Inappropriate implementation in Skia | N/A | N/A | nan | Yes \n[CVE-2021-21146](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21146>) | Chromium CVE-2021-21146: Use after free in Navigation | N/A | N/A | nan | Yes \n[CVE-2021-21145](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21145>) | Chromium CVE-2021-21145: Use after free in Fonts | N/A | N/A | nan | Yes \n[CVE-2021-21144](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21144>) | Chromium CVE-2021-21144: Heap buffer overflow in Tab Groups | N/A | N/A | nan | Yes \n[CVE-2021-21143](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21143>) | Chromium CVE-2021-21143: Heap buffer overflow in Extensions | N/A | N/A | nan | Yes \n[CVE-2021-21142](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21142>) | Chromium CVE-2021-21142: Use after free in Payments | N/A | N/A | nan | Yes \n \n#### Developer Tools Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed | CVSSv3 Base Score | FAQ? \n---|---|---|---|---|--- \n[CVE-2021-26700](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26700>) | Visual Studio Code npm-script Extension Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-1639](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1639>) | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7 | No \n[CVE-2021-1733](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1733>) | Sysinternals PsExec Elevation of Privilege Vulnerability | No | Yes | 7.8 | Yes \n[CVE-2021-24105](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24105>) | Package Managers Configurations Remote Code Execution Vulnerability | No | No | 8.4 | Yes \n[CVE-2021-24111](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24111>) | .NET Framework Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2021-1721](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721>) | .NET Core and Visual Studio Denial of Service Vulnerability | No | Yes | 6.5 | No \n[CVE-2021-26701](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26701>) | .NET Core Remote Code Execution Vulnerability | No | Yes | 8.1 | Yes \n[CVE-2021-24112](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24112>) | .NET Core Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n \n#### ESU Windows Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed | CVSSv3 Base Score | FAQ? \n---|---|---|---|---|--- \n[CVE-2021-24080](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24080>) | Windows Trust Verification API Denial of Service Vulnerability | No | No | 6.5 | No \n[CVE-2021-24074](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24074>) | Windows TCP/IP Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-24094](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24094>) | Windows TCP/IP Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-24086](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24086>) | Windows TCP/IP Denial of Service Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-1734](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1734>) | Windows Remote Procedure Call Information Disclosure Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-25195](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-25195>) | Windows PKU2U Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-24088](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24088>) | Windows Local Spooler Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-1727](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1727>) | Windows Installer Elevation of Privilege Vulnerability | No | Yes | 7.8 | No \n[CVE-2021-24077](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24077>) | Windows Fax Service Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-1722](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1722>) | Windows Fax Service Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2021-24102](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24102>) | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-24103](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24103>) | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-24078](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24078>) | Windows DNS Server Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-24083](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24083>) | Windows Address Book Remote Code Execution Vulnerability | No | No | 7.8 | No \n \n#### Exchange Server Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed | CVSSv3 Base Score | FAQ? \n---|---|---|---|---|--- \n[CVE-2021-24085](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24085>) | Microsoft Exchange Server Spoofing Vulnerability | No | No | 6.5 | Yes \n[CVE-2021-1730](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1730>) | Microsoft Exchange Server Spoofing Vulnerability | No | No | 5.4 | Yes \n \n#### Microsoft Dynamics Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed | CVSSv3 Base Score | FAQ? \n---|---|---|---|---|--- \n[CVE-2021-1724](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1724>) | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | No | No | 6.1 | No \n[CVE-2021-24101](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24101>) | Microsoft Dataverse Information Disclosure Vulnerability | No | No | 6.5 | Yes \n \n#### Microsoft Office Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed | CVSSv3 Base Score | FAQ? \n---|---|---|---|---|--- \n[CVE-2021-24073](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24073>) | Skype for Business and Lync Spoofing Vulnerability | No | No | 6.5 | No \n[CVE-2021-24099](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24099>) | Skype for Business and Lync Denial of Service Vulnerability | No | No | 6.5 | No \n[CVE-2021-24114](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24114>) | Microsoft Teams iOS Information Disclosure Vulnerability | No | No | 5.7 | Yes \n[CVE-2021-1726](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1726>) | Microsoft SharePoint Spoofing Vulnerability | No | No | 8 | Yes \n[CVE-2021-24072](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24072>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-24066](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24066>) | Microsoft SharePoint Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2021-24071](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24071>) | Microsoft SharePoint Information Disclosure Vulnerability | No | No | 5.3 | Yes \n[CVE-2021-24067](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24067>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-24068](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24068>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-24069](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24069>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-24070](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24070>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n \n## System Center Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed | CVSSv3 Base Score | FAQ? \n---|---|---|---|---|--- \n[CVE-2021-1728](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1728>) | System Center Operations Manager Elevation of Privilege Vulnerability | No | No | 8.8 | Yes \n[CVE-2021-24092](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24092>) | Microsoft Defender Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n \n#### Windows Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed | CVSSv3 Base Score | FAQ? \n---|---|---|---|---|--- \n[CVE-2021-1732](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1732>) | Windows Win32k Elevation of Privilege Vulnerability | Yes | No | 7.8 | No \n[CVE-2021-1698](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1698>) | Windows Win32k Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-24075](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24075>) | Windows Network File System Denial of Service Vulnerability | No | No | 6.8 | No \n[CVE-2021-24084](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24084>) | Windows Mobile Device Management Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-24096](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24096>) | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-24093](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24093>) | Windows Graphics Component Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2021-24106](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24106>) | Windows DirectX Information Disclosure Vulnerability | No | Yes | 5.5 | Yes \n[CVE-2021-24098](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24098>) | Windows Console Driver Denial of Service Vulnerability | No | Yes | 5.5 | Yes \n[CVE-2021-24091](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24091>) | Windows Camera Codec Pack Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-24079](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24079>) | Windows Backup Engine Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-1731](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1731>) | PFX Encryption Security Feature Bypass Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-24082](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24082>) | Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability | No | No | 4.3 | No \n[CVE-2021-24076](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24076>) | Microsoft Windows VMSwitch Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-24081](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24081>) | Microsoft Windows Codecs Library Remote Code Execution Vulnerability | No | No | 7.8 | No \n \n### Summary Charts\n\n\n\n________Note: _______Chart_______ data is reflective of data presented by Microsoft's CVRF at the time of writing.________", "modified": "2021-02-09T23:51:27", "published": "2021-02-09T23:51:27", "id": "RAPID7BLOG:44EA89871AFF6881B909B9FD0E07034F", "href": "https://blog.rapid7.com/2021/02/09/patch-tuesday-february-2021/", "type": "rapid7blog", "title": "Patch Tuesday - February 2021", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}