Vulnerability-Lookup

CVE-2021-21118 (GCVE-0-2021-21118)

Vulnerability from cvelistv5 – Published: 2021-02-09 13:55 – Updated: 2024-08-03 18:01

Summary

Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Severity ?

No CVSS data available.

CWE

Insufficient data validation

Assigner

Chrome

References

URL

Tags

	https://chromereleases.googleblog.com/2021/01/sta…	x_refsource_MISC
	https://crbug.com/1161357	x_refsource_MISC
	https://msrc.microsoft.com/update-guide/en-US/vul…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Google	Chrome	Affected: unspecified , < 88.0.4324.96 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:01:14.202Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/1161357"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21118"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "88.0.4324.96",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insufficient data validation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-24T19:46:04.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/1161357"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21118"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "chrome-cve-admin@google.com",
          "ID": "CVE-2021-21118",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "88.0.4324.96"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insufficient data validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html",
              "refsource": "MISC",
              "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
            },
            {
              "name": "https://crbug.com/1161357",
              "refsource": "MISC",
              "url": "https://crbug.com/1161357"
            },
            {
              "name": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21118",
              "refsource": "MISC",
              "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21118"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2021-21118",
    "datePublished": "2021-02-09T13:55:55.000Z",
    "dateReserved": "2020-12-21T00:00:00.000Z",
    "dateUpdated": "2024-08-03T18:01:14.202Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2021-AVI-048

Vulnerability from certfr_avis - Published: 2021-01-20 - Updated: 2021-01-20

De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Google	Chrome	Google Chrome versions antérieures à 88.0.4324.96

References

Title

Publication Time

Tags

Bulletin de sécurité Google du 19 janvier 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Google Chrome versions ant\u00e9rieures \u00e0 88.0.4324.96",
      "product": {
        "name": "Chrome",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-21133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21133"
    },
    {
      "name": "CVE-2021-21136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21136"
    },
    {
      "name": "CVE-2021-21138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21138"
    },
    {
      "name": "CVE-2021-21128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21128"
    },
    {
      "name": "CVE-2021-21139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21139"
    },
    {
      "name": "CVE-2021-21140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21140"
    },
    {
      "name": "CVE-2021-21132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21132"
    },
    {
      "name": "CVE-2021-21126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21126"
    },
    {
      "name": "CVE-2021-21135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21135"
    },
    {
      "name": "CVE-2021-21129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21129"
    },
    {
      "name": "CVE-2021-21131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21131"
    },
    {
      "name": "CVE-2021-21122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21122"
    },
    {
      "name": "CVE-2021-21141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21141"
    },
    {
      "name": "CVE-2021-21124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21124"
    },
    {
      "name": "CVE-2021-21117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21117"
    },
    {
      "name": "CVE-2021-21123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21123"
    },
    {
      "name": "CVE-2021-21120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21120"
    },
    {
      "name": "CVE-2020-16044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16044"
    },
    {
      "name": "CVE-2021-21137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21137"
    },
    {
      "name": "CVE-2021-21121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21121"
    },
    {
      "name": "CVE-2021-21130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21130"
    },
    {
      "name": "CVE-2021-21127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21127"
    },
    {
      "name": "CVE-2021-21118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21118"
    },
    {
      "name": "CVE-2021-21119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21119"
    },
    {
      "name": "CVE-2021-21134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21134"
    },
    {
      "name": "CVE-2021-21125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21125"
    }
  ],
  "initial_release_date": "2021-01-20T00:00:00",
  "last_revision_date": "2021-01-20T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-048",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-01-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Google du 19 janvier 2021",
      "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
    }
  ]
}

CERTFR-2021-AVI-054

Vulnerability from certfr_avis - Published: 2021-01-22 - Updated: 2021-01-22

De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Edge	Microsoft Edge versions antérieures à 88.0.705.50
	Microsoft	Edge	Microsoft Edge (Chromiun-based) versions antérieures à 88.0.4324.96

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2021-21140 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21139 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21118 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21121 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21141 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21136 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21133 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21123 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21134 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21132 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21128 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21127 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21120 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21135 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21131 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21119 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21129 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21122 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21126 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21137 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21124 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21130 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21125 du 21 janvier 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge versions ant\u00e9rieures \u00e0 88.0.705.50",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Edge (Chromiun-based) versions ant\u00e9rieures \u00e0 88.0.4324.96",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-21133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21133"
    },
    {
      "name": "CVE-2021-21136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21136"
    },
    {
      "name": "CVE-2021-21128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21128"
    },
    {
      "name": "CVE-2021-21139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21139"
    },
    {
      "name": "CVE-2021-21140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21140"
    },
    {
      "name": "CVE-2021-21132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21132"
    },
    {
      "name": "CVE-2021-21126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21126"
    },
    {
      "name": "CVE-2021-21135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21135"
    },
    {
      "name": "CVE-2021-21129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21129"
    },
    {
      "name": "CVE-2021-21131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21131"
    },
    {
      "name": "CVE-2021-21122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21122"
    },
    {
      "name": "CVE-2021-21141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21141"
    },
    {
      "name": "CVE-2021-21124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21124"
    },
    {
      "name": "CVE-2021-21123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21123"
    },
    {
      "name": "CVE-2021-21120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21120"
    },
    {
      "name": "CVE-2021-21137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21137"
    },
    {
      "name": "CVE-2021-21121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21121"
    },
    {
      "name": "CVE-2021-21130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21130"
    },
    {
      "name": "CVE-2021-21127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21127"
    },
    {
      "name": "CVE-2021-21118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21118"
    },
    {
      "name": "CVE-2021-21119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21119"
    },
    {
      "name": "CVE-2021-21134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21134"
    },
    {
      "name": "CVE-2021-21125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21125"
    }
  ],
  "initial_release_date": "2021-01-22T00:00:00",
  "last_revision_date": "2021-01-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-054",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-01-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21140 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21140"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21139 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21139"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21118 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21118"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21121 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21121"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21141 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21141"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21136 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21136"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21133 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21133"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21123 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21123"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21134 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21134"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21132 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21132"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21128 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21128"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21127 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21127"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21120 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21120"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21135 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21136"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21131 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21131"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21119 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21119"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21129 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21129"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21122 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21122"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21126 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21126"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21137 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21137"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21124 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21124"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21130 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21130"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21125 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21125"
    }
  ]
}

CERTFR-2021-AVI-103

Vulnerability from certfr_avis - Published: 2021-02-10 - Updated: 2021-02-10

De multiples vulnérabilités ont été corrigées dans Microsoft Edge. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un contournement de la fonctionnalité de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Edge	Microsoft Edge pour Android
	Microsoft	Edge	Microsoft Edge (Chromium-based)

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 09 février 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge pour Android",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Edge (Chromium-based)",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-21133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21133"
    },
    {
      "name": "CVE-2021-21148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21148"
    },
    {
      "name": "CVE-2021-21136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21136"
    },
    {
      "name": "CVE-2021-21147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21147"
    },
    {
      "name": "CVE-2021-21128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21128"
    },
    {
      "name": "CVE-2021-21139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21139"
    },
    {
      "name": "CVE-2021-21140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21140"
    },
    {
      "name": "CVE-2021-21143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21143"
    },
    {
      "name": "CVE-2021-21132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21132"
    },
    {
      "name": "CVE-2021-21126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21126"
    },
    {
      "name": "CVE-2021-21135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21135"
    },
    {
      "name": "CVE-2021-21129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21129"
    },
    {
      "name": "CVE-2021-21142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21142"
    },
    {
      "name": "CVE-2021-21131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21131"
    },
    {
      "name": "CVE-2021-24113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-24113"
    },
    {
      "name": "CVE-2021-21122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21122"
    },
    {
      "name": "CVE-2021-21141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21141"
    },
    {
      "name": "CVE-2021-21145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21145"
    },
    {
      "name": "CVE-2021-21124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21124"
    },
    {
      "name": "CVE-2021-21123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21123"
    },
    {
      "name": "CVE-2021-21120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21120"
    },
    {
      "name": "CVE-2020-16044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16044"
    },
    {
      "name": "CVE-2021-21137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21137"
    },
    {
      "name": "CVE-2021-21121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21121"
    },
    {
      "name": "CVE-2021-21130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21130"
    },
    {
      "name": "CVE-2021-24100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-24100"
    },
    {
      "name": "CVE-2021-21127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21127"
    },
    {
      "name": "CVE-2021-21144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21144"
    },
    {
      "name": "CVE-2021-21118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21118"
    },
    {
      "name": "CVE-2021-21146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21146"
    },
    {
      "name": "CVE-2021-21119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21119"
    },
    {
      "name": "CVE-2021-21134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21134"
    },
    {
      "name": "CVE-2021-21125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21125"
    }
  ],
  "initial_release_date": "2021-02-10T00:00:00",
  "last_revision_date": "2021-02-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-103",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-02-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Edge\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un\ncontournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 f\u00e9vrier 2021",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

CVE-2021-21118

Vulnerability from fstec - Published: 20.01.2021

Title

Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome связана с выходом операции за границы буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код

Severity ?

Vendor

Microsoft Corp, Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Novell Inc., Google Inc, АО «ИВК», АО "НППКТ", АО «Концерн ВНИИНС»

Software Name

Microsoft Edge, Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), OpenSUSE Leap, SUSE Package Hub for SUSE Linux Enterprise, Google Chrome, Альт 8 СП (запись в едином реестре российских программ №4305), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)

Software Version

- (Microsoft Edge), 9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 15.1 (OpenSUSE Leap), 8 (Debian GNU/Linux), 12 SP1 (SUSE Package Hub for SUSE Linux Enterprise), 15.2 (OpenSUSE Leap), 15 SP2 (SUSE Package Hub for SUSE Linux Enterprise), до 88.0.4324.96 (Google Chrome), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), - (Альт 8 СП), до 2.1 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»)

Possible Mitigations

Использование рекомендаций: Для Google Chrome: https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2021-21118 Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2021-21118/ Для программных продуктов Microsoft Corp.: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21118 Для Astra Linux: Использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47 Для ОСОН Основа: Обновление программного обеспечения chromium до версии 90.0.4430.212+repack-1~deb10u1.osnova2 Для ОС ОН «Стрелец»: Обновление программного обеспечения chromium до версии 105.0.5195.125+repack2-1~deb11u1.osnova1.strelets Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства

Reference

https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21118 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21118 https://nvd.nist.gov/vuln/detail/CVE-2021-21118 https://security-tracker.debian.org/tracker/CVE-2021-21118 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16 https://www.suse.com/security/cve/CVE-2021-21118/ https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.1/ https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023 https://altsp.su/obnovleniya-bezopasnosti/

CWE

CWE-119

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
  "CVSS 3.0": null,
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Novell Inc., Google Inc, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Microsoft Edge), 9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 15.1 (OpenSUSE Leap), 8 (Debian GNU/Linux), 12 SP1 (SUSE Package Hub for SUSE Linux Enterprise), 15.2 (OpenSUSE Leap), 15 SP2 (SUSE Package Hub for SUSE Linux Enterprise), \u0434\u043e 88.0.4324.96 (Google Chrome), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 2.1 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Google Chrome:\nhttps://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2021-21118\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2021-21118/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Microsoft Corp.:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21118\n\n\n\u0414\u043b\u044f Astra Linux:\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f chromium \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 90.0.4430.212+repack-1~deb10u1.osnova2\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f chromium \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 105.0.5195.125+repack2-1~deb11u1.osnova1.strelets\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "20.01.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "25.02.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-00986",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-21118",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Microsoft Edge, Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), OpenSUSE Leap, SUSE Package Hub for SUSE Linux Enterprise, Google Chrome, \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. OpenSUSE Leap 15.1 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , Novell Inc. OpenSUSE Leap 15.2 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f -  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430 JavaScript-\u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0435\u0432 V8 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430 JavaScript-\u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0435\u0432 V8 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html\nhttps://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21118\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21118\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-21118\nhttps://security-tracker.debian.org/tracker/CVE-2021-21118\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16\nhttps://www.suse.com/security/cve/CVE-2021-21118/\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.1/\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://altsp.su/obnovleniya-bezopasnosti/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)"
}

CNVD-2021-17313

Vulnerability from cnvd - Published: 2021-03-15

Title

Google Chrome V8数据验证不足漏洞

Description

Chrome是由Google开发的一款设计简单、高效的Web浏览工具，其特点是简洁、快速。 Google Chrome 88.0.4324.96之前版本中的V8存在数据验证不足漏洞。攻击者可利用该通过精心制作的HTML页面执行超出范围的内存访问。

Severity

中

Patch Name

Google Chrome V8数据验证不足漏洞的补丁

Patch Description

Chrome是由Google开发的一款设计简单、高效的Web浏览工具，其特点是简洁、快速。 Google Chrome 88.0.4324.96之前版本中的V8存在数据验证不足漏洞。攻击者可利用该通过精心制作的HTML页面执行超出范围的内存访问。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://chromereleases.googleblog.com/

Reference

https://chromereleases.googleblog.com/

Impacted products

Name
Google Chrome <88.0.4324.96

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-21118",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-21118"
    }
  },
  "description": "Chrome\u662f\u7531Google\u5f00\u53d1\u7684\u4e00\u6b3e\u8bbe\u8ba1\u7b80\u5355\u3001\u9ad8\u6548\u7684Web\u6d4f\u89c8\u5de5\u5177\uff0c\u5176\u7279\u70b9\u662f\u7b80\u6d01\u3001\u5feb\u901f\u3002\n\nGoogle Chrome 88.0.4324.96\u4e4b\u524d\u7248\u672c\u4e2d\u7684V8\u5b58\u5728\u6570\u636e\u9a8c\u8bc1\u4e0d\u8db3\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u901a\u8fc7\u7cbe\u5fc3\u5236\u4f5c\u7684HTML\u9875\u9762\u6267\u884c\u8d85\u51fa\u8303\u56f4\u7684\u5185\u5b58\u8bbf\u95ee\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://chromereleases.googleblog.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-17313",
  "openTime": "2021-03-15",
  "patchDescription": "Chrome\u662f\u7531Google\u5f00\u53d1\u7684\u4e00\u6b3e\u8bbe\u8ba1\u7b80\u5355\u3001\u9ad8\u6548\u7684Web\u6d4f\u89c8\u5de5\u5177\uff0c\u5176\u7279\u70b9\u662f\u7b80\u6d01\u3001\u5feb\u901f\u3002\r\n\r\nGoogle Chrome 88.0.4324.96\u4e4b\u524d\u7248\u672c\u4e2d\u7684V8\u5b58\u5728\u6570\u636e\u9a8c\u8bc1\u4e0d\u8db3\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u901a\u8fc7\u7cbe\u5fc3\u5236\u4f5c\u7684HTML\u9875\u9762\u6267\u884c\u8d85\u51fa\u8303\u56f4\u7684\u5185\u5b58\u8bbf\u95ee\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google Chrome V8\u6570\u636e\u9a8c\u8bc1\u4e0d\u8db3\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Google Chrome \u003c88.0.4324.96"
  },
  "referenceLink": "https://chromereleases.googleblog.com/",
  "serverity": "\u4e2d",
  "submitTime": "2021-01-20",
  "title": "Google Chrome V8\u6570\u636e\u9a8c\u8bc1\u4e0d\u8db3\u6f0f\u6d1e"
}

GSD-2021-21118

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Aliases

CVE-2021-21118

Aliases

CVE-2021-21118

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-21118",
    "description": "Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.",
    "id": "GSD-2021-21118",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-21118.html",
      "https://www.debian.org/security/2021/dsa-4846",
      "https://advisories.mageia.org/CVE-2021-21118.html",
      "https://security.archlinux.org/CVE-2021-21118"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-21118"
      ],
      "details": "Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.",
      "id": "GSD-2021-21118",
      "modified": "2023-12-13T01:23:11.191904Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "chrome-cve-admin@google.com",
        "ID": "CVE-2021-21118",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Chrome",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "88.0.4324.96"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Google"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Insufficient data validation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html",
            "refsource": "MISC",
            "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
          },
          {
            "name": "https://crbug.com/1161357",
            "refsource": "MISC",
            "url": "https://crbug.com/1161357"
          },
          {
            "name": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21118",
            "refsource": "MISC",
            "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21118"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "88.0.4324.96",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "88.0.705.50",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "chrome-cve-admin@google.com",
          "ID": "CVE-2021-21118"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://crbug.com/1161357",
              "refsource": "MISC",
              "tags": [
                "Permissions Required",
                "Third Party Advisory"
              ],
              "url": "https://crbug.com/1161357"
            },
            {
              "name": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
            },
            {
              "name": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21118",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21118"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-03-15T18:44Z",
      "publishedDate": "2021-02-09T14:15Z"
    }
  }
}

GHSA-MCFG-RXC6-8CWX

Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-05-24 17:41

Details

Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-21118"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-09T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.",
  "id": "GHSA-mcfg-rxc6-8cwx",
  "modified": "2022-05-24T17:41:31Z",
  "published": "2022-05-24T17:41:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21118"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1161357"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21118"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2021-21118

Vulnerability from fkie_nvd - Published: 2021-02-09 14:15 - Updated: 2024-11-21 05:47

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

References

URL	Tags
chrome-cve-admin@google.com	https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html	Release Notes, Vendor Advisory
chrome-cve-admin@google.com	https://crbug.com/1161357	Permissions Required, Third Party Advisory
chrome-cve-admin@google.com	https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21118	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://crbug.com/1161357	Permissions Required, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21118	Patch, Third Party Advisory

Impacted products

	Vendor	Product	Version
	google	chrome	*
	microsoft	edge_chromium	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "565ED6B8-8F41-4E79-A280-33CB321E607F",
              "versionEndExcluding": "88.0.4324.96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4045760-DF4A-4728-9B52-0280FC45C05D",
              "versionEndExcluding": "88.0.705.50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page."
    },
    {
      "lang": "es",
      "value": "Una comprobaci\u00f3n insuficiente de datos en V8 en Google Chrome versiones anteriores a 88.0.4324.96, permiti\u00f3 a un atacante remoto llevar a cabo potencialmente un acceso a la memoria fuera de l\u00edmites por medio de una p\u00e1gina HTML dise\u00f1ada"
    }
  ],
  "id": "CVE-2021-21118",
  "lastModified": "2024-11-21T05:47:36.230",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-09T14:15:15.513",
  "references": [
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://crbug.com/1161357"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21118"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://crbug.com/1161357"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21118"
    }
  ],
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-21118 (GCVE-0-2021-21118)

Solution

Solution

Solution

Tags

Sightings

Nomenclature