Google Chrome and Security Threats

Within the past few weeks, it has been reported several high vulnerabilities in the Google Chrome platform.

More specifically, CVE-2021-37977 allows a remote attacker to potentially exploit heap corruption via a crafted HTML page through use after free in Garbage Collection in Google Chrome while CVE-2021-37978 accomplishes the same results through heap buffer overflow in Blink in Google Chrome. Similarly, CVE-2021-37979 allows a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a crafted HTML page and CVE-2021-37980 allows a remote attacker to potentially bypass site isolation via Windows.

Although these vulnerabilities have been discussed in certain cybersecurity forums, the details on how these attacks are performed are not widely known because Google is restricting this information from their searches to buy time and until a full solution is available to all users. Please visit the above mentioned links to obtain updates.

Werner Guth, 16 DEC 2023