5.8
CVSSv2

CVE-2021-38000

Published: 23/11/2021 Updated: 24/11/2021
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

Insufficient validation of untrusted input in Intents in Google Chrome on Android before 95.0.4638.69 allowed a remote malicious user to arbitrarily browser to a malicious URL via a crafted HTML page.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

google chrome

Vendor Advisories

An insufficient validation of untrusted input security issue has been found in the Intents component of the Chromium browser engine before version 950463869 Google is aware that an exploit for CVE-2021-38000 exists in the wild ...
Arch Linux Security Advisory ASA-202110-7 ========================================= Severity: High Date : 2021-10-29 CVE-ID : CVE-2021-37997 CVE-2021-37998 CVE-2021-37999 CVE-2021-38000 CVE-2021-38001 CVE-2021-38002 CVE-2021-38003 Package : chromium Type : multiple issues Remote : Yes Link : securityarchlinuxorg/AVG- ...
Arch Linux Security Advisory ASA-202111-8 ========================================= Severity: High Date : 2021-11-18 CVE-ID : CVE-2021-37997 CVE-2021-37998 CVE-2021-37999 CVE-2021-38000 CVE-2021-38001 CVE-2021-38002 CVE-2021-38003 CVE-2021-38004 Package : opera Type : multiple issues Remote : Yes Link : securityarchli ...
The Stable channel has been updated to 950463869 for Windows, Mac and Linux which will roll out over the coming days/weeks A full list of changes in this build is available in the log Interested in switching release channels? Find out how here If you find a new issue, please let us know by filing a bug The community help forum is also a grea ...

Recent Articles

Emergency Google Chrome update fixes zero-days used in attacks
BleepingComputer • Lawrence Abrams • 01 Jan 1970

Google has released Chrome 95.0.4638.69 for Windows, Mac, and Linux to fix two zero-day vulnerabilities that attackers have actively exploited.
"Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild," Google disclosed in the
in today's Google Chrome release.
While Google states that the new version may take some time to reach everyone, the update has already started rolling out Chrome 95.0.4638.69 to users worldwide in the Stable Desktop chann...