Description Preview
Overview
ANGLE (Almost Native Graphics Layer Engine) is a graphics engine abstraction layer used by Google Chrome to handle OpenGL ES API calls. The vulnerability exists due to improper validation of input data, which can lead to memory corruption through an out of bounds write operation. When exploited, this vulnerability could allow remote attackers to execute arbitrary code within the context of the browser, potentially leading to full system compromise depending on the user's privileges. The vulnerability is particularly concerning because it can be triggered simply by visiting a malicious or compromised website.
Remediation
Users should update Google Chrome to version 91.0.4472.101 or later, which contains the fix for this vulnerability. The update can be installed through Chrome's built-in update mechanism or by downloading the latest version from the official Google Chrome website.
For system administrators managing Chrome deployments:
- Ensure all Chrome installations are updated to version 91.0.4472.101 or later
- Consider implementing network security monitoring to detect exploitation attempts
- Apply defense-in-depth strategies such as running the browser with reduced privileges
- Consider using browser isolation technologies for high-risk environments
For users of other browsers that incorporate ANGLE or Chromium components (such as Microsoft Edge, Opera, etc.), ensure these browsers are also updated to versions that include the patched ANGLE component.
References
- Chrome Release Blog: https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html
- Chrome Bug Tracker: https://crbug.com/1210414
- Debian Security Advisory: https://www.debian.org/security/2021/dsa-4939
- Debian LTS Announcement: https://lists.debian.org/debian-lts-announce/2021/07/msg00009.html
- Fedora Update: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43/
- Gentoo Linux Security Advisory: https://security.gentoo.org/glsa/202202-03
- Thunderbird Security Update: https://lists.debian.org/debian-lts-announce/2021/07/msg00010.html
Industry ExposureMost to leastThis section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
- Health Care & Social AssistanceHealth Care & Social Assistance
- ManufacturingManufacturing
- Public AdministrationPublic Administration
- Educational ServicesEducational Services
- Finance and InsuranceFinance and Insurance
- Transportation & WarehousingTransportation & Warehousing
- Professional, Scientific, & Technical ServicesProfessional, Scientific, & Technical Services
- UtilitiesUtilities
- Retail TradeRetail Trade
- Other Services (except Public Administration)Other Services (except Public Administration)
- Arts, Entertainment & RecreationArts, Entertainment & Recreation
- InformationInformation
- Management of Companies & EnterprisesManagement of Companies & Enterprises
- Agriculture, Forestry Fishing & HuntingAgriculture, Forestry Fishing & Hunting
- Real Estate Rental & LeasingReal Estate Rental & Leasing
- Accommodation & Food ServicesAccommodation & Food Services
- ConstructionConstruction
- MiningMining
- Administrative, Support, Waste Management & Remediation ServicesAdministrative, Support, Waste Management & Remediation Services
- Wholesale TradeWholesale Trade
