CVE-2021-38000

Warnung

Exploit

EPSS 3.43%
Veröffentlicht 23.11.2021 22:15:07
Zuletzt bearbeitet 12.03.2025 21:01:06
Quelle chrome-cve-admin@google.com
Teams Watchlist Login
Unerledigt Login

Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 2 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Chrome Version < 95.0.4638.69

Google ≫ Android Version-

Fedoraproject ≫ Fedora Version34

Debian ≫ Debian Linux Version10.0

Debian ≫ Debian Linux Version11.0

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Google Chromium Intents Improper Input Validation Vulnerability

Schwachstelle

Google Chromium Intents contains an improper input validation vulnerability that allows a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.43%	0.87

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://www.debian.org/security/2022/dsa-5046

Third Party Advisory

Mailing List

https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html

Release Notes

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/

Release Notes

https://crbug.com/1249962

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2021-38000

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-38000

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-38000

EUVD