Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
606
VMScore

CVE-2021-38001

Published: 23/11/2021 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Google

Vulnerability Summary

Type confusion in V8 in Google Chrome before 95.0.4638.69 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

google chrome

fedoraproject fedora 34

debian debian linux 10.0

debian debian linux 11.0

Vendor Advisories

Debian Security Advisories: DSA-5046-1 chromium -- security update
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure For the oldstable distribution (buster), security support for Chromium has been discontinued due to toolchain issues which no longer allow to build current Chromium releases on buster You can eit ...
Arch Linux Issues:
A type confusion security issue has been found in the V8 component of the Chromium browser engine before version 950463869 ...
Google Chrome: Stable Channel Update for Desktop
The Stable channel has been updated to 950463869 for Windows, Mac and Linux which will roll out over the coming days/weeks A full list of changes in this build is available in the log Interested in switching release channels? Find out how here If you find a new issue, please let us know by filing a bug The community help forum is also a grea ...

Github Repositories

https://github.com/maldiohead/TFC-Chrome-v8-bug-CVE-2021-38001-poc

TFC-Chrome-v8-bug-CVE-2021-38001-poc run d8 with commandline: /d8 2mjs

https://github.com/glavstroy/CVE-2021-38001

A Brief Introduction to V8 Inline Cache and Exploitating Type Confusion

CVE-2021-38001 A Brief Introduction to V8 Inline Cache and Exploitating Type Confusion Exploitation y4yspace/2023/05/06/cve-2021-38001-a-brief-introduction-to-v8-inline-cache-and-exploitating-type-confusion/

https://github.com/vngkv123/aSiagaming

My Chrome and Safari exploit code + write-up repo

My Browser Exploitation Repository Chrome Safari Tutorials Simple V8 exploitation tutorial is here :) Tutorials 1-day INFO Credit Tag Target CVE-2021-38001 S0rryMybad (TianfuCup 2021) RCE Chrome crbug-762874 _tsuro RCE Chrome crbug-821137 ??? RCE Chrome crbug-716044 halbecaf RCE Chrome crbug-880207 _tsuro RCE Chrome crbug-888923 ??? RCE Chrome crbug-906043

https://github.com/Peterpan0927/TFC-Chrome-v8-bug-CVE-2021-38001-poc

TFC-Chrome-v8-bug-CVE-2021-38001-poc run d8 with commdline: /d8 2mjs

References

CWE-843https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.htmlhttps://crbug.com/1260577https://www.debian.org/security/2022/dsa-5046https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/https://nvd.nist.govhttps://www.debian.org/security/2022/dsa-5046https://github.com/glavstroy/CVE-2021-38001
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook