Following reports of in-the-wild exploitation, Google released a patch for the third browser-based zero-day vulnerability of 2021. Background On February 4, Google published a stable channel update for Chrome for Desktop. This release contained a single security fix to address a critical zero-day vulnerability that had been exploited in the wild.

CVE-2021-21148: Google Chrome Heap Buffer Overflow Vulnerability Exploited in the Wild

Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

The remote host is affected by the vulnerability described in GLSA-202104-08 (Chromium, Google Chrome: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Chromium and Google       Chrome. Please review the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

This update for opera fixes the following issues :

  - Update to version 74.0.3911.203

  - CHR-8324 Update chromium on desktop-stable-88-3911 to     88.0.4324.182(boo#1182358)

  - DNA-90762 Replace &ldquo;Don&rsquo;t show again&rdquo;
    with &ldquo;Discard&rdquo;

  - DNA-90974 Crash at     opera::PersistentRecentlyClosedWindows::GetEntryType(Ses     sionID)

  - DNA-91289 [Search tabs] Wrong tab stays highlighted     after removing another tab

  - DNA-91476 Invalid memory dereference     PlayerServiceBrowsertest

  - DNA-91502 Change system name on opera://about page for     MacOS

  - DNA-91740 Missing title in Extensions Toolbar Menu

  - The update to chromium 88.0.4324.182 fixes following     issues: CVE-2021-21149, CVE-2021-21150, CVE-2021-21151,     CVE-2021-21152, CVE-2021-21153, CVE-2021-21154,     CVE-2021-21155, CVE-2021-21156, CVE-2021-21157

  - Update to version 74.0.3911.160

  - DNA-90409 Cleanup JavaScript dialogs: app modal & tab     modal

  - DNA-90720 [Search Tabs] Allow discarding recently closed     items

  - DNA-90802 [Windows] Debug fails on linking

  - DNA-91130 heap-use-after-free in     CashbackBackendServiceTest.AutoUpdateSchedule

  - DNA-91152 Allow reading agent variables in trigger     conditions

  - DNA-91225 [Search tabs] The webpage doesn&rsquo;t move     from &ldquo;Open tabs&rdquo; to &ldquo;Recently     closed&rdquo; section

  - DNA-91243 Add Rich Hint support for the cashback badge     and popup

  - DNA-91483 component_unittests are timing out

  - DNA-91516 Sidebar setup opens only with cashback enabled

  - DNA-91601 No text in 1st line of address bar dropdown     suggestions

  - DNA-91603 Jumbo build problem on desktop-stable-88-3911

The version of Google Chrome installed on the remote host is prior to 88.0.4324.150. It is, therefore, affected by a vulnerability as referenced in the 2021_02_stable-channel-update-for-desktop_4 advisory. Note that Nessus Network Monitor has not tested for this issue but has instead relied only on the application's self-reported version number.

Several vulnerabilities have been discovered in the chromium web browser.

  - CVE-2021-21148     Mattias Buelens discovered a buffer overflow issue in     the v8 JavaScript library.

  - CVE-2021-21149     Ryoya Tsukasaki discovered a stack overflow issue in the     Data Transfer implementation.

  - CVE-2021-21150     Woojin Oh discovered a use-after-free issue in the file     downloader.

  - CVE-2021-21151     Khalil Zhani discovered a use-after-free issue in the     payments system.

  - CVE-2021-21152     A buffer overflow was discovered in media handling.

  - CVE-2021-21153     Jan Ruge discovered a stack overflow issue in the GPU     process.

  - CVE-2021-21154     Abdulrahman Alqabandi discovered a buffer overflow issue     in the Tab Strip implementation.

  - CVE-2021-21155     Khalil Zhani discovered a buffer overflow issue in the     Tab Strip implementation.

  - CVE-2021-21156     Sergei Glazunov discovered a buffer overflow issue in     the v8 JavaScript library.

  - CVE-2021-21157     A use-after-free issue was discovered in the Web Sockets     implementation.

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-7fb30b9381 advisory.

  - Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to     potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21142)

  - Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who     convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted     Chrome Extension. (CVE-2021-21143)

  - Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who     convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted     Chrome Extension. (CVE-2021-21144)

  - Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (CVE-2021-21145)

  - Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had     compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
    (CVE-2021-21146)

  - Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146 allowed a local attacker to     spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-21147)

  - Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21148)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

This update for opera fixes the following issues :

  - Update to version 74.0.3911.107

  - CHR-8311 Update chromium on desktop-stable-88-3911 to     88.0.4324.150

  - DNA-90329 Implement client_capabilities negotiation for     Flow / Sync

  - DNA-90560 [Search Tabs] Open Tabs On Top

  - DNA-90620 Add opauto tests for tab snoozing

  - DNA-90628 Update opauto tests after design changes

  - DNA-90818 Only 3 recently closed tabs are shown in a     search mode

  - DNA-90911 Enable search-tabs-open-tabs-on-top on     developer

  - DNA-90990 Crash at     opera::AddressBarView::NotifyBoundsChanged()

  - DNA-90991 Opera doesn&rsquo;t show version and     &lsquo;Relaunch&rsquo; button despite update is ready

  - DNA-91097 Crash at     extensions::BrowserSidebarPrivateGetPremium     ExtensionsInfoFunction::Run()

  - DNA-91163 [Win] &ldquo;URL navigation filters&rdquo;
    subpage doesn&rsquo;t react on actions

  - DNA-91196 [Flow] Device capabilities is not properly     saved in Local State

  - DNA-91276 Sidebar setup wont open

  - The update to chromium 88.0.4324.150 fixes following     issues :

  - CVE-2021-21148 (1181827)

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-05afa65d39 advisory.

  - Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to     potentially perform a sandbox escape via a crafted HTML page. (CVE-2021-21142)

  - Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who     convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted     Chrome Extension. (CVE-2021-21143)

  - Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who     convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted     Chrome Extension. (CVE-2021-21144)

  - Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (CVE-2021-21145)

  - Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had     compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
    (CVE-2021-21146)

  - Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146 allowed a local attacker to     spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2021-21147)

  - Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (CVE-2021-21148)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

This update for chromium fixes the following issues :

Update to 88.0.4324.150 boo#1181827

  - CVE-2021-21148: Heap buffer overflow in V8

Chrome Releases reports :

[1170176] High CVE-2021-21148: Heap buffer overflow in V8. Reported by Mattias Buelens on 2021-01-24. Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild.

The version of Microsoft Edge installed on the remote Windows host is prior to 88.0.705.63. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-21148 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote macOS host is prior to 88.0.4324.150. It is, therefore, affected by a vulnerability as referenced in the 2021_02_stable-channel-update-for-desktop_4 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote Windows host is prior to 88.0.4324.150. It is, therefore, affected by a vulnerability as referenced in the 2021_02_stable-channel-update-for-desktop_4 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
149223	GLSA-202104-08 : Chromium, Google Chrome: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
148839	openSUSE Security Update : opera (openSUSE-2021-413)	Nessus	SuSE Local Security Checks	critical
701323	Google Chrome < 88.0.4324.150 Vulnerability	Nessus Network Monitor	Web Clients	medium
146757	Debian DSA-4858-1 : chromium - security update	Nessus	Debian Local Security Checks	critical
146559	Fedora 32 : chromium (2021-7fb30b9381)	Nessus	Fedora Local Security Checks	critical
146501	openSUSE Security Update : opera (openSUSE-2021-296)	Nessus	SuSE Local Security Checks	high
146363	Fedora 33 : chromium (2021-05afa65d39)	Nessus	Fedora Local Security Checks	critical
146355	openSUSE Security Update : chromium (openSUSE-2021-267)	Nessus	SuSE Local Security Checks	high
146288	FreeBSD : chromium -- heap buffer overflow in V8 (3e01aad2-680e-11eb-83e2-e09467587c17)	Nessus	FreeBSD Local Security Checks	high
146271	Microsoft Edge (Chromium) < 88.0.705.63 Vulnerability	Nessus	Windows	high
146205	Google Chrome < 88.0.4324.150 Vulnerability	Nessus	MacOS X Local Security Checks	high
146204	Google Chrome < 88.0.4324.150 Vulnerability	Nessus	Windows	high

Detections

Analytics

CVE-2021-21148

high

Tenable Plugins

critical

critical

medium

critical

critical

high

critical

high

high

high

high

high