CVSS: 8.8EPSS: 2%CPEs: 4EXPL: 1CVE-2021-38003 – Google Chromium V8 Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2021-38003
Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una implementación inapropiada de V8 en Google Chrome versiones anteriores a 95.0.4638.69, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. • https://github.com/SpiralBL0CK/Chrome-V8-RCE-CVE-2021-38003 https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html https://crbug.com/1263462 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744 https://www.debian.org/security/2022/dsa-5046 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 9.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38002
https://notcve.org/view.php?id=CVE-2021-38002
Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Un uso de memoria previamente liberada en Web Transport en Google Chrome versiones anteriores a 95.0.4638.69, permitía a un atacante remoto llevar a cabo un escape de sandbox por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html https://crbug.com/1260940 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744 https://www.debian.org/security/2022/dsa-5046 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 3CVE-2021-38001
https://notcve.org/view.php?id=CVE-2021-38001
Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipos en V8 en Google Chrome versiones anteriores a 95.0.4638.69, permitía a un atacante remoto explotar potencialmente una corrupción de pila por medio de una página HTML diseñada • https://github.com/Peterpan0927/TFC-Chrome-v8-bug-CVE-2021-38001-poc https://github.com/maldiohead/TFC-Chrome-v8-bug-CVE-2021-38001-poc https://github.com/TheHermione/CVE-2021-38001 https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html https://crbug.com/1260577 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744 https://www.debian.org/security/2022/dsa-5046 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.1EPSS: 3%CPEs: 5EXPL: 0CVE-2021-38000 – Google Chromium Intents Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2021-38000
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. La comprobación insuficiente de entradas no confiables en Intents en Google Chrome en Android versiones anteriores a 95.0.4638.69, permitía a un atacante remoto navegar arbitrariamente a una URL maliciosa por medio de una página HTML diseñada Google Chromium Intents contains an improper input validation vulnerability that allows a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. • https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html https://crbug.com/1249962 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744 https://www.debian.org/security/2022/dsa-5046 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1CVE-2021-37999
https://notcve.org/view.php?id=CVE-2021-37999
Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page. Una comprobación insuficiente de datos en New Tab Page en Google Chrome versiones anteriores a 95.0.4638.69, permitía a un atacante remoto inyectar scripts o HTML arbitrarios en una nueva pestaña del navegador por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html https://crbug.com/1251541 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744 https://www.debian.org/security/2022/dsa-5046 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •