Wednesday, November 6, 2024
HomeCyber CrimeVulnerability Spotlight: Use-after-free condition in Google Chrome could lead to code execution

Vulnerability Spotlight: Use-after-free condition in Google Chrome could lead to code execution

Cisco Talos recently uncovered a vulnerability in Google Chrome that can be exploited.

 

Chrome is a cross-platform web browser, while Chromium is the open-source version of Chrome that other software developers use to create their own browsers. Blink, the fundamental DOM parsing and rendering engine at the heart of Chromium, is vulnerable to this exact flaw.

 

The use-after-free vulnerability TALOS-2021-1352 (CVE-2021-30625) is triggered when a user visits a specially constructed web page in Chrome. That page could cause previously freed memory to be reused, potentially leading to the execution of arbitrary code. An attacker could execute arbitrary code in the context of the browser if this vulnerability is successfully exploited. An attacker could read, alter, or remove data depending on the privileges associated with the inst In accordance with Cisco’s vulnerability disclosure policy, Cisco Talos worked with Google to remedy the issue and make an update available to affected users.

 

Users are advised to update the following products as soon as possible: Versions 92.0.4515.131 (Stable) and 94.0.4597.1 of Google Chrome (Canary). This vulnerability could be exploited by these versions of Chrome, according to Talos.

 

The SNORTR rules 58001 and 58002 will detect exploitation attempts against this vulnerability. Additional rules may be provided in the future, and existing rules may be modified based on new vulnerability information. Please consult your Firepower Management Center or Snort.org for the most up-to-date rule information.

THREAT INTELLIGENCE: According to Google, a bug has been discovered in the wild.

 

RISK: Google Chrome versions prior to 94.0.4606.61 SYSTEMS AFFECTED: Google Chrome versions prior to 94.0.4606.61 SYSTEMS AFFECTED: Google Chrome versions prior to 94.0.4606.61 SYS

HIGH FOR LARGE AND MEDIUM-SIZED GOVERNMENTAL ORGANIZATIONS

MEDIUM-SIZED GOVERNMENTAL ORGANIZATIONS

Large and medium-sized businesses: HIGH

MEDIUM-SIZED COMPANIES

TECHNICAL SUMMARY:

In Google Chrome a vulnerabi Google Chrome is an internet browser.lity has been uncovered. This has the high risk of generating the execution of arbitrary code. A Use after free could lead to the execution of arbitrary code. An attacker could execute arbitrary code in the context of the browser if this vulnerability is successfully exploited. An attacker could read, alter, or remove data depending on the privileges associated with the instance.

RECOMMENDATIONS:

The following actions are suggested for better protection be taken:

  • Google provide the stable updated channel to any vulnerable systems. User need to apply this immediately after appropriate testing.
  • The vulnerable attacks always does not become successful when all the software is run as non-privileged user (one without administrative privileges).
  • The user alerts are made to educate them not to use the hypertext links contained in emails or attachments. This is because they are from the untrusted sources.
  • It is hereby informed to all the user to apply the Principle of Least Privilege.
  • The users are reminded once more to not visit any un-trusted websites or following any internet links by untrusted sources.

 

David Scott
David Scott
Digital Marketing Specialist .
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

Recent Comments

Izzi Казино онлайн казино казино x мобильді нұсқасы on Instagram and Facebook Video Download Made Easy with ssyoutube.com
Temporada 2022-2023 on CamPhish
2017 Grammy Outfits on Meesho Supplier Panel: Register Now!
React JS Training in Bangalore on Best Online Learning Platforms in India
DigiSec Technologies | Digital Marketing agency in Melbourne on Buy your favourite Mobile on EMI
亚洲A∨精品无码一区二区观看 on Restaurant Scheduling 101 For Better Business Performance

Write For Us