6.8
CVSSv2

CVE-2021-21224

Published: 26/04/2021 Updated: 01/06/2021
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Type confusion in V8 in Google Chrome before 90.0.4430.85 allowed a remote malicious user to execute arbitrary code inside a sandbox via a crafted HTML page.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

google chrome

debian debian linux 10.0

fedoraproject fedora 32

fedoraproject fedora 33

fedoraproject fedora 34

Vendor Advisories

Debian Bug report logs - #987358 chromium: Update to version 900443085 (security-fixes) Package: chromium; Maintainer for chromium is Debian Chromium Team <chromium@packagesdebianorg>; Source for chromium is src:chromium (PTS, buildd, popcon) Reported by: Sedat Dilek <sedatdilek@gmailcom> Date: Thu, 22 Apr 202 ...
A type confusion security issue has been found in the V8 component of the Chromium browser before version 900443085 Google is aware of reports that exploits for this issue exist in the wild ...
Arch Linux Security Advisory ASA-202104-7 ========================================= Severity: High Date : 2021-04-29 CVE-ID : CVE-2021-21222 CVE-2021-21223 CVE-2021-21224 CVE-2021-21225 CVE-2021-21226 Package : chromium Type : multiple issues Remote : Yes Link : securityarchlinuxorg/AVG-1843 Summary ======= The pac ...
The Stable channel has been updated to 900443085 for Windows, Mac and Linux which will roll out over the coming days/weeksA full list of changes in this build is available in the log Interested in switching release channels?  Find out how here If you find a new issue, please let us know by filing a bug The community help forum is also a gre ...
Several vulnerabilities have been discovered in the chromium web browser CVE-2021-21201 Gengming Liu and Jianyu Chen discovered a use-after-free issue CVE-2021-21202 David Erceg discovered a use-after-free issue in extensions CVE-2021-21203 asnine discovered a use-after-free issue in Blink/Webkit CVE-2021-21204 Tsai-Simek, Jean ...
Arch Linux Security Advisory ASA-202104-5 ========================================= Severity: High Date : 2021-04-29 CVE-ID : CVE-2021-21201 CVE-2021-21202 CVE-2021-21203 CVE-2021-21207 CVE-2021-21209 CVE-2021-21210 CVE-2021-21213 CVE-2021-21214 CVE-2021-21215 CVE-2021-21216 CVE-2021-21217 CVE-2021-21218 CVE-2021- ...

Github Repositories

1195777-chrome 05 day CVE-2021-21224 /* BSD 2-Clause License Copyright (c) 2021, rajvardhan agarwal All rights reserved Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following d

Recent Articles

Microsoft Patch Tuesday Fixes 6 In-The-Wild Exploits, 50 Flaws
Threatpost • Lisa Vaas • 08 Jun 2021

Microsoft jumped on 50 vulnerabilities in this month’s Patch Tuesday update, issuing fixes for CVEs in Microsoft Windows, .NET Core and Visual Studio, Microsoft Office, Microsoft Edge (Chromium-based and EdgeHTML), SharePoint Server, Hyper-V, Visual Studio Code – Kubernetes Tools, Windows HTML Platform, and Windows Remote Desktop.
Five of the CVEs are rated Critical and 45 are rated Important in severity. Microsoft reported that six of the bugs are currently under active attack, while ...

Google rushes out fix for zero‑day vulnerability in Chrome
welivesecurity • 21 Apr 2021

Google has released an update for its Chrome web browser that fixes a range of security flaws, including a zero-day vulnerability that is known to be actively exploited by malicious actors. The bugs affect the Windows, macOS, and Linux versions of the popular browser.
“Google is aware of reports that exploits for CVE-2021-21224 exist in the wild,” said Google about the newly disclosed zero-day vulnerability that stems from a type confusion bug in the V8 JavaScript engine that is used...

Google fixes exploited Chrome zero-day dropped on Twitter last week
BleepingComputer • Sergiu Gatlan • 01 Jan 1970

Google has released Chrome 90.0.4430.85 to address an actively exploited zero-day and four other high severity security vulnerabilities impacting today's most popular web browser.
The version released on April 20th, 2021, to the Stable desktop channel for Windows, Mac, and Linux users will be rolling out to all users over the coming weeks.
"Google is aware of reports that exploits for CVE-2021-21224 exist in the wild," the company's announcement 
.
Google did not share a...

Google fixes sixth Chrome zero-day exploited in the wild this year
BleepingComputer • Lawrence Abrams • 01 Jan 1970

Google has released Chrome 91.0.4472.101 for Windows, Mac, and Linux to fix 14 security vulnerabilities, with one zero-day vulnerability exploited in the wild and tracked as CVE-2021-30551.
Google Chrome 91.0.4472.101 has started rolling out worldwide and will become available to all users over the next few days.
Google Chrome will automatically attempt to upgrade the browser the next time you launch the program, but you can perform a manual update by going to 
 > 
...