CVE-2021-37956
📋 TL;DR
This is a use-after-free vulnerability in Google Chrome for Android that allows a remote attacker who has already compromised the renderer process to potentially exploit heap corruption. Attackers could execute arbitrary code or cause crashes by tricking users into visiting a malicious HTML page. Users of Google Chrome on Android prior to version 94.0.4606.54 are affected.
💻 Affected Systems
- Google Chrome for Android
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
Fedora by Fedoraproject
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to full device compromise, data theft, or installation of persistent malware.
Likely Case
Application crash (denial of service) or limited code execution within the sandboxed renderer process.
If Mitigated
No impact if Chrome is updated to the patched version or if exploit attempts are blocked by security controls.
🎯 Exploit Status
Exploitation requires chaining with another vulnerability to compromise the renderer process first, then triggering the use-after-free condition.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 94.0.4606.54
Vendor Advisory: https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html
Restart Required: Yes
Instructions:
1. Open Google Play Store on Android device.
2. Search for 'Google Chrome'.
3. If update is available, tap 'Update'.
4. Restart Chrome after update completes.
🔧 Temporary Workarounds
Disable Offline Mode
Prevents exploitation by disabling the vulnerable offline use functionality.
chrome://flags/#offline-pages-enabled
Set to 'Disabled'
🧯 If You Can't Patch
- Restrict access to untrusted websites using web filtering or proxy controls.
- Implement application allowlisting to prevent unauthorized Chrome usage.
🔍 How to Verify
Check if Vulnerable:
Check Chrome version in Settings > About Chrome. If version is below 94.0.4606.54, device is vulnerable.
Check Version:
chrome://version/
Verify Fix Applied:
Confirm Chrome version is 94.0.4606.54 or higher in Settings > About Chrome.
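The version check above can be scripted for a device reachable over adb. This is an added example, not part of the original advisory: the function names and the sample dumpsys text are constructed for illustration, and com.android.chrome is assumed to be the installed Chrome package. Fields are compared numerically, so a build such as 94.0.4606.100 is not mistaken for one older than 94.0.4606.54.

```shell
#!/bin/sh
# Added example: triage Chrome for Android against the fixed version in this advisory.
FIXED_VERSION="94.0.4606.54"

# Constructed sample of `dumpsys package com.android.chrome` output (not real device data).
sample_dumpsys() {
  cat <<'EOF'
Packages:
  Package [com.android.chrome] (constructed):
    versionCode=1 minSdk=24 targetSdk=30
    versionName=93.0.4577.82
EOF
}

# Print the first versionName value found on stdin (empty if none).
extract_version() {
  sed -n 's/^[[:space:]]*versionName=\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Exit 0 when dotted version $1 is strictly lower than $2, comparing fields numerically.
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    split(a, x, "."); split(b, y, ".")
    for (i = 1; i <= 4; i++) {
      if (x[i] + 0 < y[i] + 0) exit 0
      if (x[i] + 0 > y[i] + 0) exit 1
    }
    exit 1
  }'
}

# Print vulnerable, patched, or unknown for one version string.
classify_chrome() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
  esac
  if version_lt "$1" "$FIXED_VERSION"; then echo vulnerable; else echo patched; fi
}

# Classify whatever `dumpsys package` text arrives on stdin.
audit_dumpsys() {
  classify_chrome "$(extract_version)"
}

# On a real device: adb shell dumpsys package com.android.chrome | audit_dumpsys
sample_dumpsys | audit_dumpsys
```

An "unknown" result means no well-formed version string was found and the device should be checked by hand in Settings > About Chrome.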
📡 Detection & Monitoring
Log Indicators:
- Chrome crash reports with memory corruption signatures
- Unexpected renderer process terminations
Network Indicators:
- Requests to known malicious domains hosting exploit HTML
- Unusual traffic patterns from Chrome processes
SIEM Query:
source="chrome_crash_reports" AND (event_type="crash" OR event_type="memory_corruption")
🔗 References
- https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html
- https://crbug.com/1243117
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/
- https://www.debian.org/security/2022/dsa-5046