Kaspersky LabKLA12247KLA12247 Multiple vulnerabilities in Google Chrome
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
0.008 Low
EPSS
Percentile
81.2%
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, spoof user interface.
Below is a complete list of vulnerabilities:
- Use after free vulnerability in File System API can be exploited to cause denial of service or execute arbitrary code.
- Heap buffer overflow vulnerability in Bookmarks can be exploited to cause denial of service or execute arbitrary code.
- Use after free vulnerability in Browser UI can be exploited to cause denial of service or execute arbitrary code.
- Out of bounds write vulnerability in Tab Groups can be exploited to cause denial of service or execute arbitrary code.
- Use after free vulnerability in Page Info UI can be exploited to cause denial of service or execute arbitrary code.
- Out of bounds read vulnerability in Tab Strip can be exploited to cause denial of service or obtain sensitive information.
- Incorrect security UI vulnerability in Navigation can be exploited to obtain sensitive information and spoof user interface.
Original advisories
Stable Channel Update for Desktop
Related products
CVE list
CVE-2021-30591 unknown
CVE-2021-30590 unknown
CVE-2021-30597 unknown
CVE-2021-30592 unknown
CVE-2021-30594 unknown
CVE-2021-30593 unknown
CVE-2021-30596 unknown
Solution
Update to the latest version
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
- SUI
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.
Affected Products
- Google Chrome earlier thanΒ 92.0.4515.131
Related
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
0.008 Low
EPSS
Percentile
81.2%