CVE-2021-37969: Inappropriate implementation in Google Updater
First published: Thu Sep 02 2021(Updated: )
Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file.
Credit: chrome-cve-admin@google.com Abdelhamid Naceri (halov)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/chromium | <=90.0.4430.212-1~deb10u1 | 116.0.5845.180-1~deb11u1 118.0.5993.70-1~deb11u1 116.0.5845.180-1~deb12u1 118.0.5993.70-1~deb12u1 118.0.5993.70-1 |
| Google Chrome | <94.0.4606.54 | |
| Microsoft Windows | ||
| Fedoraproject Fedora | =33 | |
| Fedoraproject Fedora | =35 | |
| Debian Debian Linux | =10.0 | |
| Debian Debian Linux | =11.0 | |
| Google Chrome | <94.0.4606.54 | 94.0.4606.54 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://security-tracker.debian.org/tracker/CVE-2021-37969
- https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html (Advisory)
- https://crbug.com/1245879
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/
- https://www.debian.org/security/2022/dsa-5046
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-37969.
What is the affected software?
Google Chrome on Windows versions prior to 94.0.4606.54.
How does this vulnerability occur?
This vulnerability occurs due to inappropriate implementation in Google Updater in Google Chrome.
How can a remote attacker exploit this vulnerability?
A remote attacker can exploit this vulnerability by performing local privilege escalation via a crafted file.
How can I fix this vulnerability?
To fix this vulnerability, update Google Chrome on Windows to version 94.0.4606.54 or later.
- collector/security-tracker-debian
- agent/type
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/references
- collector/chrome-releases
- agent/software-canonical-lookup
- agent/title
- agent/severity
- agent/author
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- package-manager/debian
- vendor/google
- canonical/google chrome
- vendor/microsoft
- canonical/microsoft windows
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/33
- version/fedoraproject fedora/35
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- version/debian debian linux/11.0