CVE-2021-38003

Warnung

Exploit

EPSS 79.34%
Veröffentlicht 23.11.2021 22:15:07
Zuletzt bearbeitet 05.02.2025 14:34:47
Quelle chrome-cve-admin@google.com
Teams Watchlist Login
Unerledigt Login

Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Chrome Version < 95.0.4638.69

Fedoraproject ≫ Fedora Version34

Debian ≫ Debian Linux Version10.0

Debian ≫ Debian Linux Version11.0

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Google Chromium V8 Memory Corruption Vulnerability

Schwachstelle

Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	79.34%	0.99

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

https://www.debian.org/security/2022/dsa-5046

Third Party Advisory

Mailing List

https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html

Release Notes

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/

Release Notes

https://crbug.com/1263462

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2021-38003

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-38003

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-38003

EUVD