CVE-2021-21148
Google Chromium V8 Heap Buffer Overflow Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
YesDecision
Descriptions
Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Un desbordamiento del búfer de la pila en V8 en Google Chrome versiones anteriores a 88.0.4324.150, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada
The fix for CVE-2021-21148 has added a check in |ValueSerializer::WriteJSArrayBuffer| to make sure non-detachable array buffers cannot be transferred. The check can be bypassed with the help of asm.js and property getters.
Google Chromium V8 Engine contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-12-21 CVE Reserved
- 2021-02-07 First Exploit
- 2021-02-09 CVE Published
- 2021-11-03 Exploited in Wild
- 2021-11-17 KEV Due Date
- 2024-08-03 CVE Updated
- 2024-12-17 EPSS Updated
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/162579/Chrome-Array-Transfer-Bypass.html | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://github.com/Grayhaxor/CVE-2021-21148 | 2021-02-07 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 88.0.4324.150 Search vendor "Google" for product "Chrome" and version " < 88.0.4324.150" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 32 Search vendor "Fedoraproject" for product "Fedora" and version "32" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
|