CVE-2021-4322
📋 TL;DR
This vulnerability allows an attacker to execute arbitrary code on a user's system by tricking them into installing a malicious Chrome extension. It affects Google Chrome versions prior to 91.0.4472.77. The exploit leverages a use-after-free bug in Chrome's DevTools component.
💻 Affected Systems
- Google Chrome
- Chromium-based browsers
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining complete control over the victim's machine, potentially leading to data theft, ransomware deployment, or persistent backdoor installation.
Likely Case
Limited code execution within Chrome's sandbox, potentially allowing data exfiltration, session hijacking, or installation of additional malware.
If Mitigated
No impact if Chrome is updated to the patched version, or if extension installation is restricted to trusted sources only.
🎯 Exploit Status
Exploitation requires social engineering to install malicious extension. No public exploit code available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 91.0.4472.77
Vendor Advisory: https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html
Restart Required: Yes
Instructions:
1. Open Chrome menu > Help > About Google Chrome.
2. Chrome will automatically check for updates.
3. If an update is available, click 'Relaunch' to install it.
4. Verify the version is 91.0.4472.77 or later.
🔧 Temporary Workarounds
Disable Chrome Extensions
Temporarily disable all Chrome extensions to prevent exploitation
chrome://extensions/ > Toggle off all extensions
Restrict Extension Installation
Configure Chrome to only allow extensions from the Chrome Web Store
chrome://extensions/ > Check 'Allow from Chrome Web Store only'
🧯 If You Can't Patch
- Use alternative browser until Chrome can be updated
- Implement application whitelisting to block malicious extensions
🔍 How to Verify
Check if Vulnerable:
Check the Chrome version via menu > Help > About Google Chrome. If the version is below 91.0.4472.77, the system is vulnerable.
Check Version:
chrome://version/
Verify Fix Applied:
Confirm Chrome version is 91.0.4472.77 or higher in About Google Chrome page.
📡 Detection & Monitoring
Log Indicators:
- Unexpected Chrome extension installations
- Chrome crash reports with DevTools component
Network Indicators:
- Downloads from untrusted extension sources
- Unusual outbound connections after extension installation
SIEM Query:
source="chrome" AND (event="extension_install" OR event="crash") AND version<"91.0.4472.77"
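The SIEM query above compares the version field as a string, which sorts "100.0.4896.60" below "91.0.4472.77" and would flag fully patched browsers. The following added example (not part of this advisory) applies the same extension_install/crash logic over constructed key=value log lines, but compares the version numerically against the 91.0.4472.77 threshold; the log format and field names are assumptions.

```python
from __future__ import annotations
import re

PATCHED = "91.0.4472.77"  # first fixed Chrome release, per the vendor advisory
INTERESTING_EVENTS = {"extension_install", "crash"}
KV = re.compile(r"(\w+)=(\S+)")  # assumed key=value log shape

# Constructed sample log lines; adapt the regex to what your SIEM actually ingests.
SAMPLE_LOGS = """\
source=chrome event=extension_install version=90.0.4430.212 ext_id=abc user=alice
source=chrome event=crash version=90.0.4430.93 component=devtools user=bob
source=chrome event=extension_install version=100.0.4896.60 ext_id=def user=carol
source=chrome event=page_load version=90.0.4430.212 user=alice
source=firefox event=crash version=88.0 user=dave
"""


def parse_version(v: str) -> tuple:
    """Split a dotted Chrome version into integers so the comparison is numeric,
    not lexicographic ("100.0.4896.60" must sort above "91.0.4472.77")."""
    return tuple(int(p) for p in v.strip().split("."))


def is_vulnerable(version: str) -> bool:
    """True when the reported version is older than the patched release."""
    return parse_version(version) < parse_version(PATCHED)


def parse_line(line: str) -> dict:
    return dict(KV.findall(line))


def find_hits(logs: str) -> list:
    """Return events matching the advisory's detection logic: Chrome source,
    extension install or crash, and a version below the patched release."""
    hits = []
    for line in logs.splitlines():
        rec = parse_line(line)
        if rec.get("source") != "chrome":
            continue
        if rec.get("event") not in INTERESTING_EVENTS:
            continue
        if "version" not in rec or not is_vulnerable(rec["version"]):
            continue
        hits.append(rec)
    return hits


if __name__ == "__main__":
    for h in find_hits(SAMPLE_LOGS):
        print(f"{h['user']}: {h['event']} on Chrome {h['version']} (pre-patch)")
```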
🔗 References
- https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html
- https://crbug.com/1190550
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/