Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2021-21224

Published: 26/04/2021 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Google

Vulnerability Summary

Type confusion in V8 in Google Chrome before 90.0.4430.85 allowed a remote malicious user to execute arbitrary code inside a sandbox via a crafted HTML page.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

google chrome

debian debian linux 10.0

fedoraproject fedora 32

fedoraproject fedora 33

fedoraproject fedora 34

Vendor Advisories

Debian CVElist Bug Report Logs: chromium: Update to version 90.0.4430.85 (security-fixes)
Debian Bug report logs - #987358 chromium: Update to version 900443085 (security-fixes) Package: chromium; Maintainer for chromium is Debian Chromium Team <chromium@packagesdebianorg>; Source for chromium is src:chromium (PTS, buildd, popcon) Reported by: Sedat Dilek <sedatdilek@gmailcom> Date: Thu, 22 Apr 202 ...
Debian Security Advisories: DSA-4906-1 chromium -- security update
Several vulnerabilities have been discovered in the chromium web browser CVE-2021-21201 Gengming Liu and Jianyu Chen discovered a use-after-free issue CVE-2021-21202 David Erceg discovered a use-after-free issue in extensions CVE-2021-21203 asnine discovered a use-after-free issue in Blink/Webkit CVE-2021-21204 Tsai-Simek, Jean ...
Arch Linux Issues:
A type confusion security issue has been found in the V8 component of the Chromium browser before version 900443085 Google is aware of reports that exploits for this issue exist in the wild ...
Google Chrome: Stable Channel Update for Desktop
 The Stable channel has been updated to 900443085 for Windows, Mac and Linux which will roll out over the coming days/weeksA full list of changes in this build is available in the log Interested in switching release channels?  Find out how here If you find a new issue, please let us know by filing a bug The community help forum is ...

Github Repositories

https://github.com/c3l3si4n/malicious_nuclei_templates

Collection of nuclei templates that can be used for malicious purposes

malicious_nuclei_templates This is a collection of malicious templates that can be used in projectdiscovery/nuclei to achieve some kind of security compromise Templates rce-CVE-2021-21224yaml This is a RCE that exploited an outdated go-rod library of Nuclei, which runs an outdated unsandboxed version of Chromium when using the headless engine Changing the shellcode on the sh

Recent Articles

TOP 10 unattributed APT mysteries
Securelist • Costin Raiu • 07 Oct 2022

Targeted attack attribution is always a tricky thing, and in general, we believe that attribution is best left to law enforcement agencies. The reason is that, while in 90%, it is possible to understand a few things about the attackers, such as their native language or even location, the remaining 10% can lead to embarrassing attribution errors or worse. High-profile actors make every effort to stay undetected inside the victim’s infrastructure and to leave as few traces as they can. They impl...

Read more...

References

CWE-843https://crbug.com/1195777https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.htmlhttps://www.debian.org/security/2021/dsa-4906https://security.gentoo.org/glsa/202104-08https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987358https://nvd.nist.govhttps://github.com/c3l3si4n/malicious_nuclei_templateshttps://www.debian.org/security/2021/dsa-4906
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook