Google Chrome Multiple Vulnerabilities (CVE-2021-21149, CVE-2021-21150, CVE-2021-21151, CVE-2021-21152, CVE-2021-21153, CVE-2021-21154, CVE-2021-21155, CVE-2021-21156, CVE-2021-21157)

On February 16, 2021, Google released a stable-channel update to address nine CVEs: CVE-2021-21149, CVE-2021-21150, CVE-2021-21151, CVE-2021-21152, CVE-2021-21153, CVE-2021-21154, CVE-2021-21155, CVE-2021-21156 and CVE-2021-21157. Multiple vulnerabilities were discovered in Google Chrome that allow an attacker to cause a security problem that the publisher has not yet specified. No proof of concept (PoC) or active attacks had been observed at the time of writing.

According to the Google advisory, the 9 CVEs, all rated high severity, and their respective vulnerabilities are as follows:

CVE-2021-21149: Stack overflow in Data Transfer

CVE-2021-21150: Use after free in Downloads

CVE-2021-21151: Use after free in Payments

CVE-2021-21152: Heap buffer overflow in Media

CVE-2021-21153: Stack overflow in GPU Process

CVE-2021-21154 and CVE-2021-21155: Heap buffer overflow in Tab Strip

CVE-2021-21156: Heap buffer overflow in V8

CVE-2021-21157: Use after free in Web Sockets

Affected Products

Google Chrome versions earlier than 88.0.4324.182

Vulnerable software: Chrome, Edge Chromium, Opera.

Advisory

https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html

Solution

Users are advised to update their Google Chrome installations to the latest version, 88.0.4324.182.
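To confirm which hosts still run a Chrome build earlier than 88.0.4324.182, the version comparison can be scripted. The following Python is an added example, not part of the original advisory; the `host,product,version` inventory format, the function names and the sample rows are assumptions made for illustration.

```python
import re

# Fixed version stated in the advisory; it applies to Google Chrome only.
FIXED_CHROME = (88, 0, 4324, 182)
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part version as a tuple of ints, or None if absent."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(product, version_text):
    """Return 'vulnerable', 'patched' or 'review' for one inventory row."""
    version = parse_version(version_text)
    if version is None:
        return "review"  # unparseable version: do not guess
    if product.strip().lower() != "google chrome":
        # Edge and Opera use their own version numbers; the advisory gives
        # no fixed build for them, so route them to manual review.
        return "review"
    # Tuple comparison is numeric per component, unlike string comparison,
    # which would rank "88.0.4324.96" above "88.0.4324.182".
    return "vulnerable" if version < FIXED_CHROME else "patched"


def triage(rows):
    """Map host -> status for rows of 'host,product,version' text."""
    result = {}
    for row in rows:
        host, product, version_text = (f.strip() for f in row.split(",", 2))
        result[host] = classify(product, version_text)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    "ws-001,Google Chrome,88.0.4324.182",
    "ws-002,Google Chrome,88.0.4324.96",
    "ws-003,Google Chrome,Google Chrome 87.0.4280.141",
    "ws-004,Microsoft Edge,88.0.705.74",
    "ws-005,Google Chrome,unknown",
    "ws-006,Google Chrome,89.0.4389.72",
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Rows marked `review` need the fixed build number from the respective vendor before they can be classified.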

Detection

Qualys customers can scan their network with QID 375119 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html

https://www.cert.ssi.gouv.fr/avis/CERTFR-2021-AVI-126/

 
