CVE-2021-37975

Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Recent assessments:

gwillcox-r7 at October 02, 2021 7:38pm UTC reported:

Exploitation in the wild of this bug has been noted as reported by Google at <https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html&gt;. The bug details are available at <https://bugs.chromium.org/p/chromium/issues/detail?id=1252918&gt; but are still classified to the public until more people have patched.

The bug in question is a Use-After-Free vulnerability in the V8 JavaScript rendering engine of Google Chrome prior to 94.0.4606.71. It was reported by an anonymous user on 2021-09-24. Use-After-Free vulnerabilities in V8 are not all that uncommon and are frequently used in the wild to attack Chrome users, as was observed with this particular bug. They often give an attacker access to the user’s desktop considering that the V8 engine is not sandboxed, although according to <https://www.zdnet.com/article/bugs-in-chromes-javascript-engine-can-lead-to-powerful-exploits-this-project-aims-to-stop-them/&gt;, there are plans by Google to potentially look at sandboxing the V8 engine in the future.

All in all given the severity of this bug, the lack of sandboxing of the V8 engine, the history of exploitation of V8 bugs in the past giving a rich knowledge base for attackers to work from, and the fact that this bug has been exploited in the wild already, I would highly recommend patching this bug as soon as possible.

If this is not possible then JavaScript should be disabled on all untrusted sites using a plugin such as NoScript or by disabling JavaScript execution within the settings of Chrome itself to avoid exposing oneself to this vulnerability until patches can be deployed.

Assessed Attacker Value: 4
Assessed Attacker Value: 4Assessed Attacker Value: 2