Published: 23/11/2021 Updated: 18/02/2022
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Inappropriate implementation in V8 in Google Chrome before 95.0.4638.69 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

google chrome

fedoraproject fedora 34

debian debian linux 10.0

debian debian linux 11.0

Vendor Advisories

An inappropriate implementation security issue has been found in the V8 component of the Chromium browser engine before version 950463869 Google is aware that an exploit for CVE-2021-38003 exists in the wild ...
Arch Linux Security Advisory ASA-202110-7 ========================================= Severity: High Date : 2021-10-29 CVE-ID : CVE-2021-37997 CVE-2021-37998 CVE-2021-37999 CVE-2021-38000 CVE-2021-38001 CVE-2021-38002 CVE-2021-38003 Package : chromium Type : multiple issues Remote : Yes Link : securityarchlinuxorg/AVG- ...
The Stable channel has been updated to 950463869 for Windows, Mac and Linux which will roll out over the coming days/weeks A full list of changes in this build is available in the log Interested in switching release channels? Find out how here If you find a new issue, please let us know by filing a bug The community help forum is also a grea ...
Arch Linux Security Advisory ASA-202111-8 ========================================= Severity: High Date : 2021-11-18 CVE-ID : CVE-2021-37997 CVE-2021-37998 CVE-2021-37999 CVE-2021-38000 CVE-2021-38001 CVE-2021-38002 CVE-2021-38003 CVE-2021-38004 Package : opera Type : multiple issues Remote : Yes Link : securityarchli ...
Arch Linux Security Advisory ASA-202112-1 ========================================= Severity: High Date : 2021-12-03 CVE-ID : CVE-2021-37981 CVE-2021-37982 CVE-2021-37984 CVE-2021-37985 CVE-2021-37986 CVE-2021-37987 CVE-2021-37988 CVE-2021-37989 CVE-2021-37990 CVE-2021-37991 CVE-2021-37992 CVE-2021-37993 CVE-2021- ...
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure For the oldstable distribution (buster), security support for Chromium has been discontinued due to toolchain issues which no longer allow to build current Chromium releases on buster You can eit ...

Recent Articles

Emergency Google Chrome update fixes zero-days used in attacks
BleepingComputer • Lawrence Abrams • 01 Jan 1970

Google has released Chrome 95.0.4638.69 for Windows, Mac, and Linux to fix two zero-day vulnerabilities that attackers have actively exploited.
"Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild," Google disclosed in the
in today's Google Chrome release.
While Google states that the new version may take some time to reach everyone, the update has already started rolling out Chrome 95.0.4638.69 to users worldwide in the Stable Desktop chann...

Predator spyware sold with Chrome, Android zero-day exploits to monitor targets
The Register • Jessica Lyons Hardcastle • 01 Jan 1970

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Or so says Google after tracking 30+ vendors peddling surveillance malware

Spyware vendor Cytrox sold zero-day exploits to government-backed snoops who used them to deploy the firm's Predator spyware in at least three campaigns in 2021, according to Google's Threat Analysis Group (TAG).
The Predator campaigns relied on four vulnerabilities in Chrome (CVE-2021-37973, CVE-2021-37976, CVE-2021-38000 and CVE-2021-38003) and one in Android (CVE-2021-1048) to infect devices with the surveillance-ware. 
Based on CitizenLab's analysis of Predator spyware, Goog...