CVE-2021-21220

Warnung

Exploit

EPSS 89.46%
Veröffentlicht 26.04.2021 17:15:08
Zuletzt bearbeitet 24.10.2025 21:08:07
Quelle chrome-cve-admin@google.com
CVE-Watchlists
Login
Unerledigt
Login

Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Chrome Version < 89.0.4389.128

Fedoraproject ≫ Fedora Version32

Fedoraproject ≫ Fedora Version33

Fedoraproject ≫ Fedora Version34

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Google Chromium V8 Improper Input Validation Vulnerability

Schwachstelle

Google Chromium V8 Engine contains an improper input validation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	89.46%	0.995

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H