Kaspersky LabKLA12350KLA12350 Multiple vulnerabilities in Google Chrome
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
0.008 Low
EPSS
Percentile
81.4%
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions, obtain sensitive information.
Below is a complete list of vulnerabilities:
- Use after free vulnerability in storage foundation can be exploited to cause denial of service or execute arbitrary code.
- Implementation vulnerability in service can be exploited to cause denial of service.
- Type confusion vulnerability in V8 can be exploited to cause denial of service.
- Policy enforcement vulnerability in CORS can be exploited to bypass security restrictions.
- Use after free vulnerability in media can be exploited to cause denial of service or execute arbitrary code.
- Implementation vulnerability in referrer can be exploited to cause denial of service.
- Use after free vulnerability in loader can be exploited to cause denial of service or execute arbitrary code.
- Implementation vulnerability in input can be exploited to cause denial of service.
- Policy enforcement vulnerability in sandbox can be exploited to bypass security restrictions.
- Heap buffer overflow vulnerability in fingerprint recognition can be exploited to cause denial of service.
- Policy enforcement vulnerability in contacts picker can be exploited to bypass security restrictions.
- Policy enforcement vulnerability in background fetch can be exploited to bypass security restrictions.
- Out of bounds write vulnerability in Swiftshader can be exploited to cause denial of service or execute arbitrary code.
- Implementation vulnerability in cache can be exploited to cause denial of service.
- Implementation vulnerability in navigation can be exploited to cause denial of service.
- Implementation vulnerability in WebAuthentication can be exploited to cause denial of service.
Original advisories
Stable Channel Update for Desktop
Related products
CVE list
CVE-2021-38011 unknown
CVE-2021-38010 unknown
CVE-2021-38012 unknown
CVE-2021-38019 unknown
CVE-2021-38006 unknown
CVE-2021-38008 unknown
CVE-2021-38021 unknown
CVE-2021-38005 unknown
CVE-2021-38015 unknown
CVE-2021-38017 unknown
CVE-2021-38013 unknown
CVE-2021-38020 unknown
CVE-2021-38016 unknown
CVE-2021-38014 unknown
CVE-2021-38007 unknown
CVE-2021-38009 unknown
CVE-2021-38018 unknown
CVE-2021-38022 unknown
Solution
Update to the latest version
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Affected Products
- Google Chrome earlier thanΒ 96.0.4664.45
Related
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
0.008 Low
EPSS
Percentile
81.4%