CVE-2021-38003

Warning

Exploit

EPSS 79.34%
Published 23.11.2021 22:15:07
Last modified 05.02.2025 14:34:47
Source chrome-cve-admin@google.com
Teams watchlist Login
Open Login

Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Affected products Warnungen 1 Metrics 4 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Google ≫ Chrome Version < 95.0.4638.69

Fedoraproject ≫ Fedora Version34

Debian ≫ Debian Linux Version10.0

Debian ≫ Debian Linux Version11.0

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Google Chromium V8 Memory Corruption Vulnerability

Vulnerability

Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	79.34%	0.99

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

https://www.debian.org/security/2022/dsa-5046

Third Party Advisory

Mailing List

https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html

Release Notes

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/

Release Notes

https://crbug.com/1263462

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2021-38003

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-38003

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-38003

EUVD