Home > Cyber News > CVE-2021-30632 and CVE-2021-30633: Chrome Zero-Days Exploited in the Wild
CYBER NEWS

CVE-2021-30632 and CVE-2021-30633: Chrome Zero-Days Exploited in the Wild

CVE-2021-30632 and CVE-2021-30633 Zero-Days in Chrome

Is your Chrome browser up-to-date? Google just released fixes for 11 security vulnerabilities, two of which are actively exploited in the wild. All 11 vulnerabilities are highly dangerous.




To prevent your browser from being exploited by hackers, you should apply the update immediately.
The two actively exploited flaws are zero-days identified as CVE-2021-30632 and CVE-2021-30633.

CVE-2021-30632 and CVE-2021-30633 Zero-Days in Chrome

Not surprisingly, the vulnerabilities reside in V8 JavaScript engine. CVE-2021-30632 is an out of bounds write in the engine, whereas CVE-2021-30633 is a use after free in Indexed DB API. Both flaws were reported by an anonymous party.

Here’s the list of all 11 security issues fixed in 93.0.4577.82 for Windows, Mac and Linux which will roll out over the coming days:

[$7500][1237533] High CVE-2021-30625: Use after free in Selection API. Reported by Marcin Towalski of Cisco Talos on 2021-08-06
[$7500][1241036] High CVE-2021-30626: Out of bounds memory access in ANGLE. Reported by Jeonghoon Shin of Theori on 2021-08-18
[$5000][1245786] High CVE-2021-30627: Type Confusion in Blink layout. Reported by Aki Helin of OUSPG on 2021-09-01
[$TBD][1241123] High CVE-2021-30628: Stack buffer overflow in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori on 2021-08-18
[$TBD][1243646] High CVE-2021-30629: Use after free in Permissions. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi’anxin Group on 2021-08-26
[$TBD][1244568] High CVE-2021-30630: Inappropriate implementation in Blink . Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-08-30
[$TBD][1246932] High CVE-2021-30631: Type Confusion in Blink layout. Reported by Atte Kettunen of OUSPG on 2021-09-06
[$TBD][1247763] High CVE-2021-30632: Out of bounds write in V8. Reported by Anonymous on 2021-09-08
[$TBD][1247766] High CVE-2021-30633: Use after free in Indexed DB API. Reported by Anonymous on 2021-09-08

Earlier this year, Indian security researcher Rajvardhan Agarwal published a proof-of-concept code for another V8 JavaScript engine vulnerability affecting Google Chrome, Microsoft Edge, Brave, and Opera (all Chromium-based).

The vulnerability is most likely the same flaw, which was demonstrated during Pwn2Own 2021 by Dataflow Security’s researchers Bruno Keith and Niklas Baumstark. The two researchers won $100,000 from the hacking contest for successfully exploiting the vulnerability to run malicious code within Chrome and Edge browsers.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...