Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2021-21193

Published: 16/03/2021 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Google

Vulnerability Summary

Use after free in Blink in Google Chrome before 89.0.4389.90 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

google chrome

fedoraproject fedora 32

debian debian linux 10.0

Vendor Advisories

Debian CVElist Bug Report Logs: chromium: CVE-2021-21193 (RCE) in Blink
Debian Bug report logs - #985142 chromium: CVE-2021-21193 (RCE) in Blink Package: chromium; Maintainer for chromium is Debian Chromium Team <chromium@packagesdebianorg>; Source for chromium is src:chromium (PTS, buildd, popcon) Reported by: Antonio Russo <aerusso@aerussonet> Date: Sat, 13 Mar 2021 15:42:01 UTC Se ...
Arch Linux Issues:
A use after free security issue was found in the Blink component of the Chromium browser before version 890438990 Google is aware of reports that an exploit for this issue exists in the wild ...
Arch Linux Advisories: [ASA-202103-9] chromium: arbitrary code execution
Arch Linux Security Advisory ASA-202103-9 ========================================= Severity: High Date : 2021-03-13 CVE-ID : CVE-2021-21191 CVE-2021-21192 CVE-2021-21193 Package : chromium Type : arbitrary code execution Remote : Yes Link : securityarchlinuxorg/AVG-1683 Summary ======= The package chromium before version 89 ...
Google Chrome: Stable Channel Update for Desktop
The Stable channel has been updated to 890438990 for Windows, Mac and Linux which will roll out over the coming days/weeksA full list of changes in this build is available in the log Interested in switching release channels?  Find out how here If you find a new issue, please let us know by filing a bug The community help forum is also a ...
Debian Security Advisories: DSA-4886-1 chromium -- security update
Several vulnerabilites have been discovered in the chromium web browser CVE-2021-21159 Khalil Zhani disocvered a buffer overflow issue in the tab implementation CVE-2021-21160 Marcin Noga discovered a buffer overflow issue in WebAudio CVE-2021-21161 Khalil Zhani disocvered a buffer overflow issue in the tab implementation CVE-2021- ...
Arch Linux Advisories: [ASA-202103-19] vivaldi: multiple issues
Arch Linux Security Advisory ASA-202103-19 ========================================== Severity: High Date : 2021-03-25 CVE-ID : CVE-2020-27844 CVE-2021-21159 CVE-2021-21160 CVE-2021-21161 CVE-2021-21162 CVE-2021-21163 CVE-2021-21165 CVE-2021-21166 CVE-2021-21167 CVE-2021-21168 CVE-2021-21169 CVE-2021-21170 CVE-202 ...

Github Repositories

CVE-2021-21193

introduction to hacking second presentation

CVE-2021-21193 Introduction to Hacking Vulnerability case study presentations March 2022 Mehrzad Khodashenas, Setareh Sheikholeslamzadeh Introduction Quick Info CVE Dictionary Entry: CVE-2021-21193 NVD Published Date: 03/16/2021 NVD Last Modified: 12/03/2021 Source: Chrome attribute value Severity 7 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:P) Published 03/05/2021 C

PoC in GitHub

PoC in GitHub 2022 CVE-2022-0185 (2022-02-11) A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a f

PoC in GitHub

PoC in GitHub 2023 CVE-2023-0045 missyes/CVE-2023-0045 es0j/CVE-2023-0045 CVE-2023-0179 TurtleARM/CVE-2023-0179-PoC CVE-2023-0297 (2023-01-13) Code Injection in GitHub repository pyload/pyload prior to 050b3dev31 bAuh0lz/CVE-2023-0297_Pre-auth_RCE_in_pyLoad CVE-2023-0315 (2023-01-15) Command Injection in GitHub repository froxlor/froxlor prior to 208 mhaskar/C

Recent Articles

Google fixes Chrome zero‑day bug exploited in the wild
welivesecurity • 16 Mar 2021

Google has rolled out an update for its Chrome web browser that fixes five security flaws, including a zero-day vulnerability that is known to be actively exploited by malicious actors. The bugs affect the Windows, macOS, and Linux versions of the popular browser.
“Google is aware of reports that an exploit for CVE-2021-21193 exists in the wild,” said Google about the newly disclosed zero-day vulnerability that stems from a use-after-free flaw in Blink, a browser rendering engine dev...

Read more...
Google Warns Mac, Windows Users of Chrome Zero-Day Flaw
Threatpost • Lindsey O'Donnell • 15 Mar 2021

Google is hurrying out a fix for a vulnerability in its Chrome browser that’s under active attack – its third zero-day flaw so far this year. If exploited, the flaw could allow remote code-execution and denial-of-service attacks on affected systems.
The vulnerability exists in Blink, the browser engine for Chrome developed as part of the Chromium project. Browser engines convert HTML documents and other web page resources into the visual representations viewable to end users.
“...

Read more...

References

CWE-416https://crbug.com/1186287https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.htmlhttps://www.debian.org/security/2021/dsa-4886https://security.gentoo.org/glsa/202104-08https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N52OWF4BAP3JNK2QYGU3Q6QUVDZDCIMQ/https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985142https://github.com/mehrzad1994/CVE-2021-21193https://security.archlinux.org/CVE-2021-21193
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
injectCVE-2023-45839mass assignmentCVE-2023-33082CVE-2023-49374CVE-2023-23397XXECVE-2023-28585CVE-2023-45124
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook