CVE-2021-30577
📋 TL;DR
This vulnerability in Google Chrome's installer allows an attacker to escalate local privileges by tricking a user into opening a malicious file. It affects Chrome users on desktop operating systems prior to version 92.0.4515.107. Attackers could gain elevated system access without user interaction beyond file execution.
💻 Affected Systems
- Google Chrome
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
Learn more about Chrome →Fedora by Fedoraproject
Fedora by Fedoraproject
Fedora by Fedoraproject
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with administrative/root privileges, allowing installation of persistent malware, data theft, and complete system control.
Likely Case
Local privilege escalation enabling installation of additional malware, credential harvesting, or lateral movement within the network.
If Mitigated
Limited impact with proper user education and execution restrictions, though still potentially allowing local privilege escalation if malicious file is executed.
🎯 Exploit Status
Requires user to execute a crafted file. No public exploit code available at disclosure.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 92.0.4515.107
Vendor Advisory: https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
Restart Required: Yes
Instructions:
1. Open Chrome 2. Click menu (three dots) → Help → About Google Chrome 3. Chrome will automatically check for and install updates 4. Click 'Relaunch' to restart Chrome with the update
🔧 Temporary Workarounds
Restrict file execution
allImplement application whitelisting to prevent execution of untrusted files
User education
allTrain users not to open files from untrusted sources
🧯 If You Can't Patch
- Implement application control policies to restrict file execution
- Use Chrome in sandboxed/containerized environments
🔍 How to Verify
Check if Vulnerable:
Check Chrome version: Open Chrome → Click menu → Help → About Google Chrome. If version is below 92.0.4515.107, system is vulnerable.Check Version:
google-chrome --version (Linux) or check About Google Chrome in browserVerify Fix Applied:
Verify Chrome version is 92.0.4515.107 or higher using the same method.📡 Detection & Monitoring
Log Indicators:
- Unusual Chrome installer processes running with elevated privileges
- Chrome update failures or rollbacks
Network Indicators:
- Downloads of suspicious files followed by privilege escalation attempts
SIEM Query:
Process creation where parent_process contains 'chrome' and process_name contains 'installer' with elevated privileges🔗 References
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1204811
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LVY4WIWTVVYKQMROJJS365TZBKEARCF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QW4R2K5HVJ4R6XDZYOJCCFPIN2XHNS3L/
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1204811
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LVY4WIWTVVYKQMROJJS365TZBKEARCF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QW4R2K5HVJ4R6XDZYOJCCFPIN2XHNS3L/
