Vulnerability-Lookup

CVE-2021-21135 (GCVE-0-2021-21135)

Vulnerability from cvelistv5 – Published: 2021-02-09 13:56 – Updated: 2024-08-03 18:01

Summary

Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Severity ?

No CVSS data available.

CWE

Inappropriate implementation

Assigner

Chrome

References

URL

Tags

	https://chromereleases.googleblog.com/2021/01/sta…	x_refsource_MISC
	https://crbug.com/1157818	x_refsource_MISC
	https://msrc.microsoft.com/update-guide/en-US/vul…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Google	Chrome	Affected: unspecified , < 88.0.4324.96 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:01:14.154Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/1157818"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21135"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "88.0.4324.96",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Inappropriate implementation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-24T20:01:44.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/1157818"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21135"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "chrome-cve-admin@google.com",
          "ID": "CVE-2021-21135",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "88.0.4324.96"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Inappropriate implementation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html",
              "refsource": "MISC",
              "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
            },
            {
              "name": "https://crbug.com/1157818",
              "refsource": "MISC",
              "url": "https://crbug.com/1157818"
            },
            {
              "name": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21135",
              "refsource": "MISC",
              "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21135"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2021-21135",
    "datePublished": "2021-02-09T13:56:07.000Z",
    "dateReserved": "2020-12-21T00:00:00.000Z",
    "dateUpdated": "2024-08-03T18:01:14.154Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2021-AVI-048

Vulnerability from certfr_avis - Published: 2021-01-20 - Updated: 2021-01-20

De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Google	Chrome	Google Chrome versions antérieures à 88.0.4324.96

References

Title

Publication Time

Tags

Bulletin de sécurité Google du 19 janvier 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Google Chrome versions ant\u00e9rieures \u00e0 88.0.4324.96",
      "product": {
        "name": "Chrome",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-21133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21133"
    },
    {
      "name": "CVE-2021-21136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21136"
    },
    {
      "name": "CVE-2021-21138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21138"
    },
    {
      "name": "CVE-2021-21128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21128"
    },
    {
      "name": "CVE-2021-21139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21139"
    },
    {
      "name": "CVE-2021-21140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21140"
    },
    {
      "name": "CVE-2021-21132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21132"
    },
    {
      "name": "CVE-2021-21126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21126"
    },
    {
      "name": "CVE-2021-21135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21135"
    },
    {
      "name": "CVE-2021-21129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21129"
    },
    {
      "name": "CVE-2021-21131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21131"
    },
    {
      "name": "CVE-2021-21122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21122"
    },
    {
      "name": "CVE-2021-21141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21141"
    },
    {
      "name": "CVE-2021-21124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21124"
    },
    {
      "name": "CVE-2021-21117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21117"
    },
    {
      "name": "CVE-2021-21123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21123"
    },
    {
      "name": "CVE-2021-21120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21120"
    },
    {
      "name": "CVE-2020-16044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16044"
    },
    {
      "name": "CVE-2021-21137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21137"
    },
    {
      "name": "CVE-2021-21121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21121"
    },
    {
      "name": "CVE-2021-21130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21130"
    },
    {
      "name": "CVE-2021-21127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21127"
    },
    {
      "name": "CVE-2021-21118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21118"
    },
    {
      "name": "CVE-2021-21119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21119"
    },
    {
      "name": "CVE-2021-21134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21134"
    },
    {
      "name": "CVE-2021-21125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21125"
    }
  ],
  "initial_release_date": "2021-01-20T00:00:00",
  "last_revision_date": "2021-01-20T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-048",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-01-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Google du 19 janvier 2021",
      "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
    }
  ]
}

CERTFR-2021-AVI-054

Vulnerability from certfr_avis - Published: 2021-01-22 - Updated: 2021-01-22

De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Edge	Microsoft Edge versions antérieures à 88.0.705.50
	Microsoft	Edge	Microsoft Edge (Chromiun-based) versions antérieures à 88.0.4324.96

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2021-21140 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21139 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21118 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21121 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21141 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21136 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21133 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21123 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21134 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21132 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21128 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21127 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21120 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21135 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21131 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21119 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21129 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21122 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21126 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21137 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21124 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21130 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21125 du 21 janvier 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge versions ant\u00e9rieures \u00e0 88.0.705.50",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Edge (Chromiun-based) versions ant\u00e9rieures \u00e0 88.0.4324.96",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-21133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21133"
    },
    {
      "name": "CVE-2021-21136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21136"
    },
    {
      "name": "CVE-2021-21128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21128"
    },
    {
      "name": "CVE-2021-21139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21139"
    },
    {
      "name": "CVE-2021-21140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21140"
    },
    {
      "name": "CVE-2021-21132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21132"
    },
    {
      "name": "CVE-2021-21126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21126"
    },
    {
      "name": "CVE-2021-21135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21135"
    },
    {
      "name": "CVE-2021-21129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21129"
    },
    {
      "name": "CVE-2021-21131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21131"
    },
    {
      "name": "CVE-2021-21122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21122"
    },
    {
      "name": "CVE-2021-21141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21141"
    },
    {
      "name": "CVE-2021-21124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21124"
    },
    {
      "name": "CVE-2021-21123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21123"
    },
    {
      "name": "CVE-2021-21120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21120"
    },
    {
      "name": "CVE-2021-21137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21137"
    },
    {
      "name": "CVE-2021-21121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21121"
    },
    {
      "name": "CVE-2021-21130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21130"
    },
    {
      "name": "CVE-2021-21127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21127"
    },
    {
      "name": "CVE-2021-21118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21118"
    },
    {
      "name": "CVE-2021-21119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21119"
    },
    {
      "name": "CVE-2021-21134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21134"
    },
    {
      "name": "CVE-2021-21125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21125"
    }
  ],
  "initial_release_date": "2021-01-22T00:00:00",
  "last_revision_date": "2021-01-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-054",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-01-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21140 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21140"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21139 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21139"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21118 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21118"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21121 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21121"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21141 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21141"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21136 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21136"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21133 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21133"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21123 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21123"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21134 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21134"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21132 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21132"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21128 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21128"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21127 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21127"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21120 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21120"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21135 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21136"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21131 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21131"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21119 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21119"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21129 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21129"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21122 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21122"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21126 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21126"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21137 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21137"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21124 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21124"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21130 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21130"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21125 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21125"
    }
  ]
}

CERTFR-2021-AVI-103

Vulnerability from certfr_avis - Published: 2021-02-10 - Updated: 2021-02-10

De multiples vulnérabilités ont été corrigées dans Microsoft Edge. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un contournement de la fonctionnalité de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Edge	Microsoft Edge pour Android
	Microsoft	Edge	Microsoft Edge (Chromium-based)

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 09 février 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge pour Android",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Edge (Chromium-based)",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-21133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21133"
    },
    {
      "name": "CVE-2021-21148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21148"
    },
    {
      "name": "CVE-2021-21136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21136"
    },
    {
      "name": "CVE-2021-21147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21147"
    },
    {
      "name": "CVE-2021-21128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21128"
    },
    {
      "name": "CVE-2021-21139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21139"
    },
    {
      "name": "CVE-2021-21140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21140"
    },
    {
      "name": "CVE-2021-21143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21143"
    },
    {
      "name": "CVE-2021-21132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21132"
    },
    {
      "name": "CVE-2021-21126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21126"
    },
    {
      "name": "CVE-2021-21135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21135"
    },
    {
      "name": "CVE-2021-21129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21129"
    },
    {
      "name": "CVE-2021-21142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21142"
    },
    {
      "name": "CVE-2021-21131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21131"
    },
    {
      "name": "CVE-2021-24113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-24113"
    },
    {
      "name": "CVE-2021-21122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21122"
    },
    {
      "name": "CVE-2021-21141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21141"
    },
    {
      "name": "CVE-2021-21145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21145"
    },
    {
      "name": "CVE-2021-21124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21124"
    },
    {
      "name": "CVE-2021-21123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21123"
    },
    {
      "name": "CVE-2021-21120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21120"
    },
    {
      "name": "CVE-2020-16044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16044"
    },
    {
      "name": "CVE-2021-21137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21137"
    },
    {
      "name": "CVE-2021-21121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21121"
    },
    {
      "name": "CVE-2021-21130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21130"
    },
    {
      "name": "CVE-2021-24100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-24100"
    },
    {
      "name": "CVE-2021-21127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21127"
    },
    {
      "name": "CVE-2021-21144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21144"
    },
    {
      "name": "CVE-2021-21118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21118"
    },
    {
      "name": "CVE-2021-21146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21146"
    },
    {
      "name": "CVE-2021-21119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21119"
    },
    {
      "name": "CVE-2021-21134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21134"
    },
    {
      "name": "CVE-2021-21125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21125"
    }
  ],
  "initial_release_date": "2021-02-10T00:00:00",
  "last_revision_date": "2021-02-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-103",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-02-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Edge\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un\ncontournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 f\u00e9vrier 2021",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

GSD-2021-21135

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Aliases

CVE-2021-21135

Aliases

CVE-2021-21135

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-21135",
    "description": "Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
    "id": "GSD-2021-21135",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-21135.html",
      "https://www.debian.org/security/2021/dsa-4846",
      "https://advisories.mageia.org/CVE-2021-21135.html",
      "https://security.archlinux.org/CVE-2021-21135"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-21135"
      ],
      "details": "Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
      "id": "GSD-2021-21135",
      "modified": "2023-12-13T01:23:10.990151Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "chrome-cve-admin@google.com",
        "ID": "CVE-2021-21135",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Chrome",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "88.0.4324.96"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Google"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Inappropriate implementation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html",
            "refsource": "MISC",
            "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
          },
          {
            "name": "https://crbug.com/1157818",
            "refsource": "MISC",
            "url": "https://crbug.com/1157818"
          },
          {
            "name": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21135",
            "refsource": "MISC",
            "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21135"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "88.0.4324.96",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "88.0.705.50",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "chrome-cve-admin@google.com",
          "ID": "CVE-2021-21135"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-346"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://crbug.com/1157818",
              "refsource": "MISC",
              "tags": [
                "Permissions Required",
                "Third Party Advisory"
              ],
              "url": "https://crbug.com/1157818"
            },
            {
              "name": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
            },
            {
              "name": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21135",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21135"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-03-08T18:52Z",
      "publishedDate": "2021-02-09T14:15Z"
    }
  }
}

CNVD-2021-22978

Vulnerability from cnvd - Published: 2021-03-29

Title

Google Chrome Performance API实现不当漏洞

Description

Chrome是由Google开发的一款设计简单、高效的Web浏览工具，其特点是简洁、快速。 Google Chrome 88.0.4324.96之前版本存在Performance API实现不当漏洞。攻击者可利用该漏洞通过精心制作的HTML页面泄漏跨源数据。

Severity

中

Patch Name

Google Chrome Performance API实现不当漏洞的补丁

Patch Description

Chrome是由Google开发的一款设计简单、高效的Web浏览工具，其特点是简洁、快速。 Google Chrome 88.0.4324.96之前版本存在Performance API实现不当漏洞。攻击者可利用该漏洞通过精心制作的HTML页面泄漏跨源数据。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新：h ttps://chromereleases.googleblog.com/

Reference

https://chromereleases.googleblog.com/

Impacted products

Name
Google Chrome <88.0.4324.96

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-21135",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-21135"
    }
  },
  "description": "Chrome\u662f\u7531Google\u5f00\u53d1\u7684\u4e00\u6b3e\u8bbe\u8ba1\u7b80\u5355\u3001\u9ad8\u6548\u7684Web\u6d4f\u89c8\u5de5\u5177\uff0c\u5176\u7279\u70b9\u662f\u7b80\u6d01\u3001\u5feb\u901f\u3002\n\nGoogle Chrome 88.0.4324.96\u4e4b\u524d\u7248\u672c\u5b58\u5728Performance API\u5b9e\u73b0\u4e0d\u5f53\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7cbe\u5fc3\u5236\u4f5c\u7684HTML\u9875\u9762\u6cc4\u6f0f\u8de8\u6e90\u6570\u636e\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1ah\r\nttps://chromereleases.googleblog.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-22978",
  "openTime": "2021-03-29",
  "patchDescription": "Chrome\u662f\u7531Google\u5f00\u53d1\u7684\u4e00\u6b3e\u8bbe\u8ba1\u7b80\u5355\u3001\u9ad8\u6548\u7684Web\u6d4f\u89c8\u5de5\u5177\uff0c\u5176\u7279\u70b9\u662f\u7b80\u6d01\u3001\u5feb\u901f\u3002\r\n\r\nGoogle Chrome 88.0.4324.96\u4e4b\u524d\u7248\u672c\u5b58\u5728Performance API\u5b9e\u73b0\u4e0d\u5f53\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7cbe\u5fc3\u5236\u4f5c\u7684HTML\u9875\u9762\u6cc4\u6f0f\u8de8\u6e90\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google Chrome Performance API\u5b9e\u73b0\u4e0d\u5f53\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Google Chrome \u003c88.0.4324.96"
  },
  "referenceLink": "https://chromereleases.googleblog.com/",
  "serverity": "\u4e2d",
  "submitTime": "2021-01-20",
  "title": "Google Chrome Performance API\u5b9e\u73b0\u4e0d\u5f53\u6f0f\u6d1e"
}

GHSA-53H4-8F3M-4F7G

Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-05-24 17:41

Details

Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-21135"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-346"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-09T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
  "id": "GHSA-53h4-8f3m-4f7g",
  "modified": "2022-05-24T17:41:34Z",
  "published": "2022-05-24T17:41:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21135"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1157818"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21135"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2021-21135

Vulnerability from fstec - Published: 20.01.2021

Title

Уязвимость компонента Performance API веб-браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Description

Уязвимость компонента Performance API веб-браузера Google Chrome связана с отсутствием защиты передаваемых данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации

Severity ?

Vendor

Microsoft Corp, Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Novell Inc., Google Inc, АО «ИВК», АО "НППКТ", АО «Концерн ВНИИНС»

Software Name

Microsoft Edge, Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), OpenSUSE Leap, SUSE Package Hub for SUSE Linux Enterprise, Google Chrome, Альт 8 СП (запись в едином реестре российских программ №4305), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)

Software Version

- (Microsoft Edge), 9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 15.1 (OpenSUSE Leap), 10 (Debian GNU/Linux), 15.2 (OpenSUSE Leap), 15 SP2 (SUSE Package Hub for SUSE Linux Enterprise), до 88.0.4324.96 (Google Chrome), 15 SP1 (SUSE Package Hub for SUSE Linux Enterprise), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), - (Альт 8 СП), до 2.1 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»)

Possible Mitigations

Использование рекомендаций: Для Google Chrome: https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html Для программных продуктов Microsoft Corp.: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21135 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2021-21135 Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2021-21135/ Для Astra Linux: Использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47 Для ОСОН Основа: Обновление программного обеспечения chromium до версии 90.0.4430.212+repack-1~deb10u1.osnova2 Для ОС ОН «Стрелец»: Обновление программного обеспечения chromium до версии 105.0.5195.125+repack2-1~deb11u1.osnova1.strelets Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства

Reference

https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21135 https://nvd.nist.gov/vuln/detail/CVE-2021-21135 https://security-tracker.debian.org/tracker/CVE-2021-21135 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16 https://www.suse.com/security/cve/CVE-2021-21135/ https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.1/ https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023 https://altsp.su/obnovleniya-bezopasnosti/

CWE

CWE-346

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
  "CVSS 3.0": null,
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Novell Inc., Google Inc, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Microsoft Edge), 9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 15.1 (OpenSUSE Leap), 10 (Debian GNU/Linux), 15.2 (OpenSUSE Leap), 15 SP2 (SUSE Package Hub for SUSE Linux Enterprise), \u0434\u043e 88.0.4324.96 (Google Chrome), 15 SP1 (SUSE Package Hub for SUSE Linux Enterprise), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 2.1 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Google Chrome:\nhttps://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Microsoft Corp.:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21135\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2021-21135\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2021-21135/\n\n\n\u0414\u043b\u044f Astra Linux:\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f chromium \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 90.0.4430.212+repack-1~deb10u1.osnova2\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f chromium \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 105.0.5195.125+repack2-1~deb11u1.osnova1.strelets\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "20.01.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "23.02.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-00961",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-21135",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Microsoft Edge, Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), OpenSUSE Leap, SUSE Package Hub for SUSE Linux Enterprise, Google Chrome, \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. OpenSUSE Leap 15.1 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Novell Inc. OpenSUSE Leap 15.2 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f -  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Performance API \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0448\u0438\u0431\u043a\u0430 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044f \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0430 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-346)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Performance API \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0437\u0430\u0449\u0438\u0442\u044b \u043f\u0435\u0440\u0435\u0434\u0430\u0432\u0430\u0435\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21135\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-21135\nhttps://security-tracker.debian.org/tracker/CVE-2021-21135\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16\nhttps://www.suse.com/security/cve/CVE-2021-21135/\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.1/\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://altsp.su/obnovleniya-bezopasnosti/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-346",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)"
}

FKIE_CVE-2021-21135

Vulnerability from fkie_nvd - Published: 2021-02-09 14:15 - Updated: 2024-11-21 05:47

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

References

URL	Tags
chrome-cve-admin@google.com	https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html	Release Notes, Vendor Advisory
chrome-cve-admin@google.com	https://crbug.com/1157818	Permissions Required, Third Party Advisory
chrome-cve-admin@google.com	https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21135	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://crbug.com/1157818	Permissions Required, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21135	Third Party Advisory

Impacted products

	Vendor	Product	Version
	google	chrome	*
	microsoft	edge_chromium	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "565ED6B8-8F41-4E79-A280-33CB321E607F",
              "versionEndExcluding": "88.0.4324.96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4045760-DF4A-4728-9B52-0280FC45C05D",
              "versionEndExcluding": "88.0.705.50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page."
    },
    {
      "lang": "es",
      "value": "Una implementaci\u00f3n inapropiada en Performance API en Google Chrome versiones anteriores a 88.0.4324.96, permiti\u00f3 a un atacante remoto filtrar datos cross-origin por medio de una p\u00e1gina HTML dise\u00f1ada"
    }
  ],
  "id": "CVE-2021-21135",
  "lastModified": "2024-11-21T05:47:38.133",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-09T14:15:16.593",
  "references": [
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://crbug.com/1157818"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21135"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://crbug.com/1157818"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21135"
    }
  ],
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-346"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-21135 (GCVE-0-2021-21135)

Solution

Solution

Solution

Tags

Sightings

Nomenclature