Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2021-21220

Published: 26/04/2021 Updated: 14/12/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 721
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Insufficient validation of untrusted input in V8 in Google Chrome before 89.0.4389.128 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

google chrome

fedoraproject fedora 32

fedoraproject fedora 33

fedoraproject fedora 34

Vendor Advisories

Debian CVElist Bug Report Logs: chromium: Update to version 90.0.4430.72 (security-fixes)
Debian Bug report logs - #987053 chromium: Update to version 900443072 (security-fixes) Package: chromium; Maintainer for chromium is Debian Chromium Team <chromium@packagesdebianorg>; Source for chromium is src:chromium (PTS, buildd, popcon) Reported by: Sedat Dilek <sedatdilek@gmailcom> Date: Fri, 16 Apr 202 ...
Arch Linux Issues:
An insufficient validation security issue has been found in the V8 component of the Chromium browser before version 8904389128 for x86_64 Google is aware of reports that an exploit for this issue exists in the wild ...
Google Chrome: Stable Channel Update for Desktop
The Stable channel has been updated to 8904389128 for Windows, Mac and Linux which will roll out over the coming days/weeksA full list of changes in this build is available in the log Interested in switching release channels?  Find out how here If you find a new issue, please let us know by filing a bug The community help forum is also ...

Exploits

Exploit DB: Google Chrome versions before 89.0.4389.128 V8 XOR Typer Out-Of-Bounds Access RCE
This module exploits an issue in the V8 engine on x86_x64 builds of Google Chrome before 8904389128/900443072 when handling XOR operations in JIT'd JavaScript code Successful exploitation allows an attacker to execute arbitrary code within the context of the V8 process As the V8 process is normally sandboxed i ...

Metasploit Modules

Google Chrome versions before 89.0.4389.128 V8 XOR Typer Out-Of-Bounds Access RCE

This module exploits an issue in the V8 engine on x86_x64 builds of Google Chrome before 89.0.4389.128/90.0.4430.72 when handling XOR operations in JIT'd JavaScript code. Successful exploitation allows an attacker to execute arbitrary code within the context of the V8 process. As the V8 process is normally sandboxed in the default configuration of Google Chrome, the browser must be run with the --no-sandbox option for the payload to work correctly.

msf > use exploit/multi/browser/chrome_cve_2021_21220_v8_insufficient_validation
msf exploit(chrome_cve_2021_21220_v8_insufficient_validation) > show targets
    ...targets...
msf exploit(chrome_cve_2021_21220_v8_insufficient_validation) > set TARGET < target-id >
msf exploit(chrome_cve_2021_21220_v8_insufficient_validation) > show options
    ...show and set options...
msf exploit(chrome_cve_2021_21220_v8_insufficient_validation) > exploit

Github Repositories

https://github.com/security-dbg/CVE-2021-21220

CVE-2021-21220 Issue 1196683 ref pediy

https://github.com/m1dsummer/d3ctf-2023-web-d3icu

The d3icu challenge in AntCTF&D^3CTF

Writeup for d4icu Among the various session persistence solutions available for Tomcat, one approach is to store session data in Redis This challenge uses the tomcat-cluster-redis-session-manager library, available at githubcom/ran-jit/tomcat-cluster-redis-session-manager If we read the source code, we can find that session data is serialized using the serialization

Recent Articles

Chrome and Chromium updated after yet another exploit is found in browser's V8 JavaScript engine
The Register • Gareth Corfield • 14 Apr 2021

JS component seems to be focus of researchers and miscreants alike SAP: It takes exploit devs about 72 hours to turn one of our security patches into a weapon against customers

Google has announced new updates to Chrome 89 following the discovery of yet another live exploit for a vulnerability in the V8 JavaScript engine. One of the flaws affects V8, which in January was found to suffer from a heap overflow bug severe enough to prompt a round of updates. This time round the V8 vulnerability is accompanied by a use-after-free vuln in Chrome's rendering engine Blink. The Blink vuln was discovered during the Zero Day Initiative's Pwn2Own competition last week. No proof-of...

Read more...

References

CWE-787https://crbug.com/1196683https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.htmlhttps://security.gentoo.org/glsa/202104-08http://packetstormsecurity.com/files/162437/Google-Chrome-XOR-Typer-Out-Of-Bounds-Access-Remote-Code-Execution.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY/http://packetstormsecurity.com/files/176210/Chrome-V8-JIT-XOR-Arbitrary-Code-Execution.htmlhttps://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987053https://github.com/m1dsummer/d3ctf-2023-web-d3icuhttps://www.zerodayinitiative.com/advisories/ZDI-21-411/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380CVE-2024-1694local file inclusionCVE-2024-5645CVE-2024-24919XSSCVE-2024-36774CVE-2024-21306SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook