CVE-2021-21167
📋 TL;DR
This is a use-after-free vulnerability in Google Chrome's bookmarks feature that allows remote attackers to potentially exploit heap corruption. Attackers can trigger this vulnerability by tricking users into visiting a specially crafted HTML page. All users running vulnerable versions of Google Chrome are affected.
💻 Affected Systems
- Google Chrome
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
Learn more about Chrome →Fedora by Fedoraproject
Fedora by Fedoraproject
Fedora by Fedoraproject
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, data theft, or ransomware deployment.
Likely Case
Browser crash (denial of service) or limited code execution within the browser sandbox.
If Mitigated
No impact if Chrome is updated to patched version or if exploit attempts are blocked by security controls.
🎯 Exploit Status
Exploitation requires bypassing Chrome's sandbox and other security mitigations, but use-after-free vulnerabilities are commonly exploited.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 89.0.4389.72
Vendor Advisory: https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
Restart Required: Yes
Instructions:
1. Open Chrome. 2. Click the three-dot menu. 3. Go to Help > About Google Chrome. 4. Chrome will automatically check for and install updates. 5. Click 'Relaunch' to restart Chrome with the update.
🔧 Temporary Workarounds
Disable JavaScript
allPrevents exploitation by disabling JavaScript execution in Chrome
Use Chrome Enterprise policies
allDeploy Chrome updates via enterprise management tools
🧯 If You Can't Patch
- Restrict access to untrusted websites using web filtering
- Implement application whitelisting to prevent unauthorized code execution
🔍 How to Verify
Check if Vulnerable:
Check Chrome version: If version is less than 89.0.4389.72, system is vulnerable.Check Version:
google-chrome --version (Linux) or chrome://version in address barVerify Fix Applied:
Confirm Chrome version is 89.0.4389.72 or higher after update.📡 Detection & Monitoring
Log Indicators:
- Chrome crash reports
- Unexpected process termination events
- Security event logs showing exploit attempts
Network Indicators:
- Traffic to known malicious domains hosting exploit code
- Unusual outbound connections from Chrome processes
SIEM Query:
source="chrome" AND (event_type="crash" OR process_name="chrome.exe" AND termination_reason="heap_corruption")🔗 References
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1161144
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BBT54RKAE5XLMWSHLVUKJ7T2XHHYMXLH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FE5SIKEVYTMDCC5OSXGOM2KRPYLHYMQX/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCIDZ77XUDMB2EBPPWCQXPEIJERDNSNT/
- https://security.gentoo.org/glsa/202104-08
- https://www.debian.org/security/2021/dsa-4886
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
- https://crbug.com/1161144
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BBT54RKAE5XLMWSHLVUKJ7T2XHHYMXLH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FE5SIKEVYTMDCC5OSXGOM2KRPYLHYMQX/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCIDZ77XUDMB2EBPPWCQXPEIJERDNSNT/
- https://security.gentoo.org/glsa/202104-08
- https://www.debian.org/security/2021/dsa-4886
