Published: 09/02/2021 Updated: 24/02/2021
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Heap buffer overflow in V8 in Google Chrome before 88.0.4324.150 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page.

Most Upvoted Vulmon Research Post

Google Chrome remote code execution. 🚨 exploitation in the wild reported.


Vulnerable Product

google chrome

fedoraproject fedora 32

fedoraproject fedora 33

debian debian linux 10.0

Vendor Advisories

A heap buffer overflow security issue was found in the V8 component of the Chromium browser before version 88.0.4324.150 ...
Several vulnerabilities have been discovered in the chromium web browser. CVE-2021-21148: Mattias Buelens discovered a buffer overflow issue in the v8 javascript library. CVE-2021-21149: Ryoya Tsukasaki discovered a stack overflow issue in the Data Transfer implementation. CVE-2021-21150: Woojin Oh discovered a use-after-free issu ...
The Stable channel has been updated to 88.0.4324.150 for Windows, Mac and Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a gr ...
Arch Linux Security Advisory ASA-202102-6
Severity: Critical
Date    : 2021-02-06
CVE-ID  : CVE-2021-21142 CVE-2021-21143 CVE-2021-21144 CVE-2021-21145 CVE-2021-21146 CVE-2021-21147 CVE-2021-21148
Package : chromium
Type    : multiple issues
Remote  : Yes
Link    : security.archlinux.org/ ...

Github Repositories

CVE-2021-21148 02/08/2021 01:00:00 -run exp

Recent Articles

Google Chrome Zero-Day Afflicts Windows, Mac Users
Threatpost • Lindsey O'Donnell • 05 Feb 2021

Google is warning of a zero-day vulnerability in its V8 open-source web engine that’s being actively exploited by attackers.
A patch has been issued in version 88 of Google’s Chrome browser — specifically, version 88.0.4324.150 for Windows, Mac and Linux. This update will roll out over the coming days and weeks, said Google. The flaw (CVE-2021-21148) stems from a heap-buffer overflow, said Google.
“Google is aware of reports that an exploit for CVE-2021-21148 exists in the wi...

Google fixes Chrome zero-day actively exploited in the wild
BleepingComputer • Sergiu Gatlan • 04 Feb 2021

Google has addressed an actively exploited zero-day security vulnerability in the Chrome 88.0.4324.150 version released today, February 4th, 2020, to the Stable desktop channel for Windows, Mac, and Linux users.
"Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild," the Google Chrome 88.0.4324.150 announcement
This version is rolling out to the entire userbase during the next days/weeks. Windows, Mac, and Linux desktop users can upgrade to C...

The Register

If you use Google Chrome or a Chromium-based browser such as Microsoft Edge, update it immediately and/or check it for updates over the coming days: there is a zero-day bug being "actively exploited" in the older version of Chrome that will also affect other vendors' browsers.
Details are intentionally scant until enough of the wider world has installed the update, but the flaw exists in how Chrome handles heap overflows in V8, Chromium's JavaScript engine.
"Google is aware of report...