CVE-2021-21132

9.6 CRITICAL

📋 TL;DR

This vulnerability in Chrome DevTools allowed malicious Chrome extensions to escape the browser's security sandbox. Attackers could potentially execute arbitrary code on the victim's system. All Chrome users prior to version 88.0.4324.96 were affected.

💻 Affected Systems

Products:
  • Google Chrome
  • Chromium-based browsers
  • Microsoft Edge (Chromium-based)
Versions: All versions prior to 88.0.4324.96
Operating Systems: Windows, macOS, Linux, Chrome OS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user to install or be tricked into enabling a malicious Chrome extension. Edge was affected but patched separately via Microsoft update.

📦 What is this software?

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via arbitrary code execution with user privileges, allowing data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Malicious extension could access local files, system resources, and execute commands outside browser sandbox, leading to data exfiltration or credential theft.

🟢 If Mitigated

With updated Chrome and proper extension vetting, risk is limited to theoretical exploitation attempts that would be blocked.

🌐 Internet-Facing: HIGH - Attackers can host malicious extensions on web stores or compromised sites targeting all Chrome users.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or compromised internal sites hosting malicious extensions.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to install malicious extension. No public exploit code available, but technical details were disclosed in bug reports.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 88.0.4324.96 and later

Vendor Advisory: https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html

Restart Required: Yes

Instructions:

1. Open Chrome menu > Help > About Google Chrome.
2. Chrome will automatically check for updates and install version 88.0.4324.96 or later.
3. Click 'Relaunch' to restart Chrome with the fix applied.

🔧 Temporary Workarounds

Disable Chrome DevTools (all platforms)

Prevent access to DevTools, which was the attack vector.

Not applicable via command line; use Chrome policies or disable via settings.

Restrict Extension Installation (all platforms)

Only allow extensions from trusted sources and require admin approval.

Windows: Configure via Group Policy 'ExtensionInstallWhitelist'
macOS/Linux: Use Chrome Enterprise policies

🧯 If You Can't Patch

  • Implement application allowlisting to block Chrome execution entirely
  • Deploy network filtering to block extension downloads from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check Chrome version in menu > Help > About Google Chrome. If version is below 88.0.4324.96, system is vulnerable.

Check Version:

chrome://version/ in the address bar, or on the command line:
  • Linux: google-chrome --version
  • Windows: Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe"

Verify Fix Applied:

Confirm Chrome version is 88.0.4324.96 or higher. Test by attempting to reproduce the DevTools sandbox escape (not recommended in production).
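The version check above, written out as an added shell example (not part of the advisory): it pulls the four-part version string out of the `--version` output of a Chrome or Chromium binary on Linux/macOS and compares it field by field against 88.0.4324.96. The numeric comparison matters because a plain string comparison would rank 88.0.4324.9 above 88.0.4324.96 and report a vulnerable build as patched. The binary names tried and the sample version strings are assumptions.

```shell
# First Chrome build carrying the fix for CVE-2021-21132 (from the advisory).
FIXED_VERSION="88.0.4324.96"

# version_ge A B: exit 0 if dotted version A >= B, comparing each field as a
# number (so 88.0.4324.96 > 88.0.4324.9), missing trailing fields count as 0.
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, "[.]"); nb = split(b, y, "[.]");
    n = (na > nb) ? na : nb;
    for (i = 1; i <= n; i++) {
      xi = (i <= na) ? x[i] + 0 : 0;
      yi = (i <= nb) ? y[i] + 0 : 0;
      if (xi > yi) exit 0;
      if (xi < yi) exit 1;
    }
    exit 0
  }'
}

# chrome_status VERSION_OUTPUT: prints "patched", "vulnerable" or "unknown"
# for a line such as "Google Chrome 88.0.4324.96" or "Chromium 87.0.4280.141".
# Exit code: 0 patched, 1 vulnerable, 2 no version string found.
chrome_status() {
  v=$(printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+){3}' | head -n1)
  if [ -z "$v" ]; then
    echo "unknown"
    return 2
  fi
  if version_ge "$v" "$FIXED_VERSION"; then
    echo "patched"
    return 0
  fi
  echo "vulnerable"
  return 1
}

# Stand-alone use: check whichever Chrome/Chromium binary is on PATH
# (assumed binary names; the exit code is ignored here, only the label is shown).
for bin in google-chrome google-chrome-stable chromium chromium-browser; do
  if command -v "$bin" >/dev/null 2>&1; then
    printf '%s: ' "$bin"
    chrome_status "$("$bin" --version 2>/dev/null)" || true
  fi
done
```

The function only reads the version string, so it can be fed the output of any inventory tool (for example a line collected by a fleet agent) rather than run on the endpoint itself.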

📡 Detection & Monitoring

Log Indicators:

  • Chrome crash reports with DevTools process anomalies
  • Unexpected extension installation events
  • Process creation from Chrome with unusual parent-child relationships

Network Indicators:

  • Downloads of Chrome extensions from unusual sources
  • Outbound connections from Chrome to unexpected destinations post-extension installation

SIEM Query:

process_name:"chrome.exe" AND (parent_process:"chrome.exe" AND command_line:"*type=extension*" OR command_line:"*--enable-devtools-experiments*")
