Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2021-21220

Published: 26/04/2021 Updated: 14/12/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Chrome

Vulnerability Summary

Insufficient validation of untrusted input in V8 in Google Chrome before 89.0.4389.128 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

google chrome

fedoraproject fedora 32

fedoraproject fedora 33

fedoraproject fedora 34

Vendor Advisories

Debian CVElist Bug Report Logs: chromium: Update to version 90.0.4430.72 (security-fixes)
Debian Bug report logs - #987053 chromium: Update to version 900443072 (security-fixes) Package: chromium; Maintainer for chromium is Debian Chromium Team <chromium@packagesdebianorg>; Source for chromium is src:chromium (PTS, buildd, popcon) Reported by: Sedat Dilek <sedatdilek@gmailcom> Date: Fri, 16 Apr 202 ...
Arch Linux Issues:
An insufficient validation security issue has been found in the V8 component of the Chromium browser before version 8904389128 for x86_64 Google is aware of reports that an exploit for this issue exists in the wild ...
Google Chrome: Stable Channel Update for Desktop
The Stable channel has been updated to 8904389128 for Windows, Mac and Linux which will roll out over the coming days/weeksA full list of changes in this build is available in the log Interested in switching release channels?  Find out how here If you find a new issue, please let us know by filing a bug The community help forum is also ...

Github Repositories

https://github.com/m1dsummer/d3ctf-2023-web-d3icu

The d3icu challenge in AntCTF&D^3CTF

Writeup for d4icu Among the various session persistence solutions available for Tomcat, one approach is to store session data in Redis This challenge uses the tomcat-cluster-redis-session-manager library, available at githubcom/ran-jit/tomcat-cluster-redis-session-manager If we read the source code, we can find that session data is serialized using the serialization

https://github.com/security-dbg/CVE-2021-21220

CVE-2021-21220 Issue 1196683 ref pediy

Recent Articles

Chrome and Chromium updated after yet another exploit is found in browser's V8 JavaScript engine
The Register • Gareth Corfield • 14 Apr 2021

JS component seems to be focus of researchers and miscreants alike SAP: It takes exploit devs about 72 hours to turn one of our security patches into a weapon against customers

Google has announced new updates to Chrome 89 following the discovery of yet another live exploit for a vulnerability in the V8 JavaScript engine. One of the flaws affects V8, which in January was found to suffer from a heap overflow bug severe enough to prompt a round of updates. This time round the V8 vulnerability is accompanied by a use-after-free vuln in Chrome's rendering engine Blink. The Blink vuln was discovered during the Zero Day Initiative's Pwn2Own competition last week. No proof-of...

Read more...

References

CWE-787https://crbug.com/1196683https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.htmlhttps://security.gentoo.org/glsa/202104-08http://packetstormsecurity.com/files/162437/Google-Chrome-XOR-Typer-Out-Of-Bounds-Access-Remote-Code-Execution.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY/http://packetstormsecurity.com/files/176210/Chrome-V8-JIT-XOR-Arbitrary-Code-Execution.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987053https://nvd.nist.govhttps://github.com/m1dsummer/d3ctf-2023-web-d3icuhttps://www.zerodayinitiative.com/advisories/ZDI-21-411/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook