CVE-2021-38015
📋 TL;DR
This vulnerability in Google Chrome allowed a malicious extension to bypass navigation restrictions, enabling attackers to redirect users to malicious sites or perform unauthorized actions. It affects Chrome versions prior to 96.0.4664.45 on systems where users install untrusted extensions.
💻 Affected Systems
- Google Chrome
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
Fedora by Fedoraproject
⚠️ Risk & Real-World Impact
Worst Case
Attackers could redirect users to phishing sites, steal credentials, or execute malicious code through crafted navigation.
Likely Case
Users tricked into installing malicious extensions could be redirected to phishing or malware sites.
If Mitigated
With proper extension vetting and updated Chrome, risk is minimal as the vulnerability is patched.
🎯 Exploit Status
Exploitation requires convincing a user to install a malicious extension, which adds a social engineering component.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 96.0.4664.45
Vendor Advisory: https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html
Restart Required: Yes
Instructions:
1. Open Chrome.
2. Click the three-dot menu > Help > About Google Chrome.
3. Chrome will automatically check for updates and install version 96.0.4664.45 or later.
4. Restart Chrome to apply the update.
🔧 Temporary Workarounds
Disable or Remove Suspicious Extensions
Remove any extensions that are not from trusted sources to prevent exploitation.
chrome://extensions/
Use Chrome's Enhanced Safe Browsing
Enable Enhanced Safe Browsing in Chrome settings to help detect malicious extensions.
chrome://settings/security
🧯 If You Can't Patch
- Restrict installation of Chrome extensions to only trusted, verified sources.
- Monitor for unusual navigation patterns or redirects in user activity logs.
🔍 How to Verify
Check if Vulnerable:
Check Chrome version: if below 96.0.4664.45, it is vulnerable.
Check Version:
On Chrome, navigate to chrome://version/ and check the 'Google Chrome' version number.
Verify Fix Applied:
Confirm Chrome version is 96.0.4664.45 or higher after update.
📡 Detection & Monitoring
Log Indicators:
- Logs showing installation of unknown Chrome extensions
- Unexpected navigation events or redirects in browser logs
Network Indicators:
- Unusual outbound connections from Chrome to unknown domains following extension installation
SIEM Query:
source="chrome_logs" AND ((event="extension_install" AND extension_name NOT IN trusted_list) OR (event="navigation" AND url CONTAINS suspicious_domain))
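The version check from "How to Verify" and the SIEM query above, carried out over sample records as an added Python example (not code from the advisory or from Google). The JSON-lines records, the trusted-extension allow-list and the suspicious-domain list are constructed placeholders; the version comparison is numeric so that a later major version such as 100.x is not mistaken for a vulnerable one.

```python
import json
from urllib.parse import urlsplit

# Constructed sample records in a JSON-lines shape; not real Chrome or SIEM output.
SAMPLE_LOGS = """\
{"host":"ws01","chrome_version":"95.0.4638.69","event":"extension_install","extension_name":"Coupon Helper"}
{"host":"ws01","chrome_version":"95.0.4638.69","event":"navigation","url":"https://login.example-bank.test/signin"}
{"host":"ws02","chrome_version":"96.0.4664.45","event":"extension_install","extension_name":"uBlock Origin"}
{"host":"ws03","chrome_version":"100.0.4896.60","event":"navigation","url":"https://intranet.corp.test/"}
"""

TRUSTED_EXTENSIONS = {"uBlock Origin"}      # placeholder allow-list (the query's trusted_list)
SUSPICIOUS_DOMAINS = {"example-bank.test"}   # placeholder list (the query's suspicious_domain)
FIXED_VERSION = (96, 0, 4664, 45)            # first patched Chrome release per the advisory

def parse_version(text):
    """Turn '96.0.4664.45' into a tuple of ints so comparison is numeric, not lexicographic."""
    return tuple(int(part) for part in text.split("."))

def is_vulnerable(version):
    """True when the reported Chrome version is below the fixed release."""
    return parse_version(version) < FIXED_VERSION

def domain_suspicious(url):
    """Match the URL's hostname (or a subdomain of it) against the suspicious-domain list."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in SUSPICIOUS_DOMAINS)

def triage(lines):
    """Apply the advisory's checks to each record; returns (host, finding, detail) tuples."""
    findings, flagged_versions = [], set()
    for line in lines.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        host, version = rec.get("host", "?"), rec.get("chrome_version", "0")
        # Report a vulnerable version once per host rather than once per event.
        if host not in flagged_versions and is_vulnerable(version):
            flagged_versions.add(host)
            findings.append((host, "vulnerable_version", version))
        event = rec.get("event")
        if event == "extension_install" and rec.get("extension_name") not in TRUSTED_EXTENSIONS:
            findings.append((host, "untrusted_extension", rec.get("extension_name")))
        elif event == "navigation" and domain_suspicious(rec.get("url", "")):
            findings.append((host, "suspicious_navigation", rec["url"]))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOGS):
        print(*finding)
```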
🔗 References
- https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html
- https://crbug.com/957553
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/
- https://www.debian.org/security/2022/dsa-5046