8.8

CVE-2021-21148

Warnung

Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleChrome Version < 88.0.4324.150
FedoraprojectFedora Version32
FedoraprojectFedora Version33
DebianDebian Linux Version10.0

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Google Chromium V8 Heap Buffer Overflow Vulnerability

Schwachstelle

Google Chromium V8 Engine contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 37.79% 0.971
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://crbug.com/1170176
Permissions Required
https://www.debian.org/security/2021/dsa-4858
Third Party Advisory
Mailing List