JVN#81658818
Multiple vulnerabilities in RevoWorks Browser
Overview
RevoWorks Browser provided by J’s Communication Co., Ltd. contains multiple vulnerabilities.
Products Affected
- RevoWorks Browser 2.1.230 and earlier
Description
RevoWorks Browser provided by J’s Communication Co., Ltd. is a virtual browser which enables internet isolation.
It provides a function that, while the web browser is running, enables access from the local environment to drives, folders, files, and registries in the isolated environment.
RevoWorks Browser contains the multiple vulnerabilities listed below, which are due to improper control of access and program execution between the local environment and the isolated environment.
- Improper control of Program execution (CWE-114) - CVE-2021-20790
  CVSS v3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Base Score: 8.6
  CVSS v2 AV:N/AC:M/Au:N/C:P/I:P/A:P Base Score: 6.8
- Improper access control (CWE-284) - CVE-2021-20791
  CVSS v3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Base Score: 5.2
  CVSS v2 AV:L/AC:L/Au:S/C:P/I:P/A:N Base Score: 3.2
Impact
- An arbitrary command or code may be executed on the user's web browser running in the isolated environment - CVE-2021-20790
- Unauthorized files may be exchanged between the local environment and the isolated environment, or settings of the web browser may be altered - CVE-2021-20791
Solution
Update the software
Update the software to the latest version according to the information provided by the developer.
The developer has released RevoWorks Browser 2.2.50 that addresses the vulnerabilities.
Vendor Status
Vendor | Link |
J’s Communication Co., Ltd. | [Important] Alert regarding multiple vulnerabilities (CVE-2021-20790, CVE-2021-20791) in RevoWorks Browser (In Japanese) |
Credit
J’s Communication Co., Ltd. reported these vulnerabilities to IPA to notify users of the solution through JVN. JPCERT/CC and J’s Communication Co., Ltd. coordinated under the Information Security Early Warning Partnership.
Other Information
CVE | CVE-2021-20790, CVE-2021-20791 |
JVN iPedia | JVNDB-2021-000074 |