Vulnerability Watch: Google Pays $6,000 To S4E Team For Zero-Day Vulnerability CVE-2021-30573 Detection.
The Security For Everyone (S4E) team detected a Google Chrome Zero-day vulnerability tagged CVE-2021-30573 in Google’s latest version of the Chrome browser.
This discovery was made after the S4E team placed a very long warning message in the options of Google Chrome's HTML select element, which crashed the current version of the Google Chrome browser and the operating system in use.
Google Chrome Zero-Day Vulnerability CVE-2021-30573 Discovery
The long warning message was run on Google Chrome version 91.0.4472.77 (stable, official build, 64-bit) on the following operating systems:
- Kali GNU/Linux version 2020.1
- Ubuntu version 20.04.2 LTS
- Ubuntu version 20.04.1 LTS
The crash displayed a long error message (==40998==ERROR: AddressSanitizer: heap-use-after-free on address 0x61600000dce4 at pc 0x55e40c87ca32 bp 0x7ffdb5e46fd0 sp 0x7ffdb5e46fc8) each time the team entered a long string of special characters, including HTML tags and numbers, into the options of the browser's select element. The proof-of-concept code for the vulnerability detected by the S4E team is available on the GitHub repository.
Google rewarded the Security For Everyone team a $6,000 bounty after verifying the CVE-2021-30573 vulnerability. The spokesperson for S4E acknowledged receipt of the Google bounty and also commended Google's vulnerability management team for their commitment to making the Chrome browser a safe browsing tool for its users worldwide.
Nevertheless, the S4E team reiterated that their focus is on customers’ feedback on their products while they are in their early startup stage.
Google has since rolled out Chrome browser version 92.0.4515.107, an update with over 35 bug fixes and improvements.
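As an added example (not code from the S4E post or its proof of concept), the following Python check parses the version string Chrome prints for `--version` and flags anything older than 92.0.4515.107, the release the page names. The binary name `google-chrome` and the assumption that 92.0.4515.107 is the first release without this bug are mine, not the page's.

```python
import re
import subprocess

# Assumption: 92.0.4515.107 (the update named in the post) is the first
# release without CVE-2021-30573; the bug was observed on 91.0.4472.77.
FIXED_VERSION = "92.0.4515.107"

_VERSION_RE = re.compile(r"(\d+(?:\.\d+){1,3})")


def parse_version(text):
    """Extract a dotted Chrome version from text such as the output of
    `google-chrome --version` ("Google Chrome 91.0.4472.77") and return it
    as a tuple of ints, or None if no version is present."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    # Pad to four fields so a short version like "92.0" still compares
    # field by field against "92.0.4515.107".
    return tuple(parts + [0] * (4 - len(parts)))


def is_affected(version_text, fixed=FIXED_VERSION):
    """True if the version in version_text is older than the fixed release.
    Unparseable input is reported as affected so an operator investigates
    instead of the check silently passing."""
    installed = parse_version(version_text)
    if installed is None:
        return True
    return installed < parse_version(fixed)


def check_installed_chrome(binary="google-chrome"):
    """Run the local Chrome binary with --version and classify its output.
    Returns (version_text, affected); version_text is None if the binary
    is missing or does not answer."""
    try:
        out = subprocess.run([binary, "--version"], capture_output=True,
                             text=True, timeout=10).stdout.strip()
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None, True
    return out, is_affected(out)


if __name__ == "__main__":
    text, affected = check_installed_chrome()
    print(text, "AFFECTED" if affected else "ok")
```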
Recommendations By Security For Everyone Team
S4E:Shelter is a SaaS tool by the Security For Everyone company that detects security vulnerabilities in your tech assets and offers actionable solutions for them.
Here are some recommendations from the Security For Everyone cybersecurity experts that you should follow if you find yourself at risk from an unknown security vulnerability in your Chrome browser.
- Always install the latest Chrome browser update from Google. Updates have patches that fix vulnerabilities in previous versions and also come with improvements.
- Run your PC as a non-privileged user rather than granting installed programs administrative privileges, so that an exploit cannot silently install anything. Working without administrative privileges means every program that needs elevated rights must be explicitly permitted, which gives you the chance to notice and refuse a request before unknowingly granting access to a threat.
- Avoid visiting untrusted websites; they are a great source of vulnerability threats.
- Avoid clicking on links on websites, in your emails, or in SMS messages from unknown sources; such links could carry significant security threats. Email attachments from unknown sources can be phishing lures that contain links capable of compromising your security.
- Always apply the principle of least privilege by restricting access to information that a given role does not need.
- Run an antivirus scan should you detect any anomaly while using your PC.
A Final Word
In conclusion, the Security for Everyone team promises to keep customers' safety and satisfaction in focus by continuing the vulnerability checks that protect users. They are confident that Google will continue to roll out timely updates that fix vulnerabilities detected in previous versions of the Chrome browser.