CVE-2021-21117 – This vulnerability in Google Chrome's Cryptohom... (How to Fix)

Q: What is the severity of CVE-2021-21117?

CVE-2021-21117 has a CVSS score of 7.8 (HIGH). This vulnerability in Google Chrome's Cryptohome component allows a local attacker to escalate operating system privileges through a specially crafted file. It affects Chrome users on desktop platforms who haven't updated to the patched version. The attacker needs local access to the system to exploit this flaw.

📋 TL;DR

This vulnerability in Google Chrome's Cryptohome component allows a local attacker to escalate operating system privileges through a specially crafted file. It affects Chrome users on desktop platforms who haven't updated to the patched version. The attacker needs local access to the system to exploit this flaw.

💻 Affected Systems

Products:

Google Chrome

Versions: All versions prior to 88.0.4324.96

Operating Systems: Windows, Linux, macOS

Default Config Vulnerable: ⚠️ Yes

Notes: Affects desktop versions of Chrome; mobile versions and other Chromium-based browsers may have different vulnerability status.

📦 What is this software?

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...

Learn more about Chrome →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise where an attacker gains root/admin privileges, potentially installing persistent malware, accessing all user data, and controlling the entire system.

🟠

Likely Case

Local privilege escalation allowing an attacker to bypass user account restrictions, access other users' data, or install unauthorized software.

🟢

If Mitigated

Limited impact with proper user account separation and minimal local attack surface, though privilege escalation could still occur within the user's context.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the system, not directly exploitable over the network.

🏢 Internal Only: MEDIUM - While requiring local access, insider threats or compromised user accounts could exploit this to escalate privileges within the organization.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and ability to create/place a crafted file; no public exploit code has been released according to available references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 88.0.4324.96 and later

Vendor Advisory: https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html

Restart Required: Yes

Instructions:

1. Open Chrome browser 2. Click the three-dot menu → Help → About Google Chrome 3. Chrome will automatically check for updates and install version 88.0.4324.96 or later 4. Click 'Relaunch' to restart Chrome with the update

🔧 Temporary Workarounds

Disable Chrome auto-updates (temporary)

all

Prevents Chrome from updating automatically, but this is NOT recommended as it leaves systems vulnerable. Only use if absolutely necessary for compatibility testing.

Windows: Disable Google Update service
Linux: Remove Chrome from package manager auto-update
macOS: Disable automatic updates in Chrome settings

🧯 If You Can't Patch

Implement strict user account separation and least privilege principles to limit damage from privilege escalation
Use application whitelisting to prevent execution of unauthorized binaries that might exploit this vulnerability

🔍 How to Verify

Check if Vulnerable:

Check Chrome version: If version is less than 88.0.4324.96, the system is vulnerable

Check Version:

chrome://version/ in Chrome address bar or 'google-chrome --version' in terminal

Verify Fix Applied:

Confirm Chrome version is 88.0.4324.96 or higher after update

📡 Detection & Monitoring

Log Indicators:

Unusual Chrome process behavior
Failed privilege escalation attempts in system logs
Unexpected file operations in Chrome data directories

Network Indicators:

Not applicable - local vulnerability

SIEM Query:

Process creation where parent_process contains 'chrome' and command_line contains suspicious file operations or privilege escalation attempts

📊 Metadata

CVE ID: CVE-2021-21117

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-59

Published: February 9, 2021

Last Updated: November 21, 2024

🔗 References

https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html Release Notes,Vendor Advisory
https://crbug.com/1137179 Permissions Required,Third Party Advisory
https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html Release Notes,Vendor Advisory
https://crbug.com/1137179 Permissions Required,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-21117, you might also want to check these: