Vulnerability Spotlight: Heap-based buffer overflow in Google Chrome could lead to code execution


Cisco Talos recently discovered an exploitable heap-based buffer overflow vulnerability in Google Chrome.  

Google Chrome is a cross-platform web browser — and Chromium is the open-source version of the browser that other software developers use to build their browsers, as well.TALOS-2021-1235 (CVE-2021-21160) is a buffer overflow vulnerability in Chrome’s AudioDelay function that could allow an adversary to execute remote code. An attacker could exploit this vulnerability by tricking a user into visiting a specially crafted HTML page in Chrome. Proper heap grooming can give the attacker full control of this heap overflow vulnerability, and as a result, could allow it to be turned into arbitrary code execution. 

Read more…