Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

CVE-2021-21148: Google Chrome Heap Buffer Overflow Vulnerability Exploited in the Wild

Following reports of in-the-wild exploitation, Google released a patch for the third browser-based zero-day vulnerability of 2021.

Background

On February 4, Google published a stable channel update for Chrome for Desktop. This release contained a single security fix to address a critical zero-day vulnerability that had been exploited in the wild.

Analysis

CVE-2021-21148 is a heap buffer overflow vulnerability in V8, Google Chrome’s open-source JavaScript and WebAssembly engine. Its discovery is credited to Mattias Buelens, who reported the flaw to Google on January 24. As part of this release, Google notes that they are “aware of reports that an exploit” for this vulnerability “exists in the wild,” which we interpret to mean that in-the-wild exploitation attempts have been observed.

A detailed bug report for the vulnerability is unsurprisingly restricted at this time in order to allow users time to apply the relevant patch.

Third browser-based zero-day vulnerability disclosed in 2021

CVE-2021-21148 is the third zero-day vulnerability we’ve observed to be browser-based in 2021. In late January, Apple released iOS and iPadOS 14.4, which contained fixes for two WebKit zero-day vulnerabilities (CVE-2021-1870, CVE-2021-1871) that were exploited in the wild.

In our 2020 Threat Landscape Retrospective report, we noted that the majority of zero-day vulnerabilities disclosed in 2020 were browser-based, accounting for over 35%.

Source: Tenable’s 2020 Threat Landscape Retrospective

In 2020, Google patched three Chrome zero-day vulnerabilities in the V8 engine that were exploited in the wild, two of which were patched within two weeks of each other:

CVE Vulnerability Type Patch Date
CVE-2020-6418 Type Confusion February 24, 2020
CVE-2020-16009 Inappropriate Implementation November 2, 2020
CVE-2020-16013 Inappropriate implementation November 11, 2020

Based on our observations in 2020, we anticipate this trend in browser-based zero-day vulnerabilities will remain consistent in 2021, as browsers remain a popular attack vector for cybercriminals.

Speculation surrounding timing of vulnerability disclosure

In a bit of interesting timing, CVE-2021-21148 was disclosed to Google just one day prior to a massive revelation from Google. On January 25, Google’s Threat Analysis Group published a blog post detailing the discovery of an ongoing campaign conducted by nation-state actors to target security researchers interested in collaborating on vulnerability research. The report specifically mentions that the threat actors circulated a link to their potential victims to a malicious website that led to successful exploitation on systems that were fully patched for both Windows and Google Chrome. This was corroborated by Microsoft, which published their own blog post about the attacks, surmising that a Google Chrome zero-day was likely used to target researchers.

Naturally, speculation has emerged that there may be a connection between these attacks and the disclosure of CVE-2021-21148. However, so far, we’ve not seen any definitive connection made between the two. Maddie Stone, a security researcher on Google’s Project Zero team, has requested anyone to share any additional details about CVE-2021-21148.

Proof of concept

Despite reports of in-the-wild exploitation for CVE-2021-21148, we have found no public proof-of-concept code at the time this blog post was published.

Solution

Google addressed CVE-2021-21148 in Google Chrome version 88.0.4324.150 for Windows, macOS and Linux clients. Updated versions for most desktop systems should be available, while others (particularly Linux-based releases) should become available in the near future.

Identifying affected systems

A list of Tenable plugins to identify this vulnerability can be found here.

Get more information

Join Tenable's Security Response Team on the Tenable Community.

Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface.

Get a free 30-day trial of Tenable.io Vulnerability Management.

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training