CVSS3: 9.6 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: REQUIRED
  Scope: CHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS2: 6.8 Medium
  Access Vector: NETWORK
  Access Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL
  Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.003 Low
  Percentile: 70.1%

Severity: High
Date    : 2021-10-21
CVE-ID  : CVE-2021-37981 CVE-2021-37982 CVE-2021-37983 CVE-2021-37984
          CVE-2021-37985 CVE-2021-37986 CVE-2021-37987 CVE-2021-37988
          CVE-2021-37989 CVE-2021-37990 CVE-2021-37991 CVE-2021-37992
          CVE-2021-37993 CVE-2021-37994 CVE-2021-37995 CVE-2021-37996
Package : chromium
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2474

Summary:

The package chromium before version 95.0.4638.54-1 is vulnerable to
multiple issues including arbitrary code execution, information
disclosure and insufficient validation.

Resolution:

Upgrade to 95.0.4638.54-1.
The problems have been fixed upstream in version 95.0.4638.54.

Workaround:

None.
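
An added example, not part of the advisory: a patch-level check for the upgrade to 95.0.4638.54-1 called for above. It classifies a chromium package version against the fixed release and lists browser processes still running a binary that has since been replaced on disk; the function names and the `--check` argument are assumptions of this example.

```shell
# Added example (not from the advisory): patch-level check for AVG-2474.
FIXED_VERSION="95.0.4638.54-1"   # fixed package version stated in the advisory

# version_lt A B: succeed when package version A sorts strictly before B.
version_lt() {
    [ "$1" = "$2" ] && return 1
    if command -v vercmp >/dev/null 2>&1; then
        # vercmp ships with pacman and prints -1, 0 or 1
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        # Fallback off Arch (assumption: no epoch prefix): GNU sort -V
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# chromium_status VERSION: print "vulnerable" or "fixed".
chromium_status() {
    if version_lt "$1" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo fixed
    fi
}

# installed_status: classify the locally installed package, if any.
installed_status() {
    command -v pacman >/dev/null 2>&1 || { echo "pacman not available"; return 0; }
    ver=$(pacman -Q chromium 2>/dev/null | awk '{print $2}')
    [ -n "$ver" ] || { echo "chromium not installed"; return 0; }
    echo "chromium $ver: $(chromium_status "$ver")"
}

# stale_pids: PIDs whose executable path contains "chromium" (assumption about
# the install path) and has been replaced on disk. Such processes keep running
# the pre-upgrade code until the browser is restarted.
stale_pids() {
    for exe in /proc/[0-9]*/exe; do
        target=$(readlink "$exe" 2>/dev/null) || continue
        case "$target" in
            *chromium*" (deleted)") pid=${exe#/proc/}; echo "${pid%/exe}" ;;
        esac
    done
}

if [ "${1:-}" = "--check" ]; then
    installed_status
    stale_pids
fi
```

Any PID printed by `stale_pids` after the upgrade belongs to a browser session that still needs a restart to pick up the fixed build.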

Description:

A heap buffer overflow security issue has been found in the Skia
component of the Chromium browser engine before version 95.0.4638.54.

A use after free security issue has been found in the Incognito
component of the Chromium browser engine before version 95.0.4638.54.

A use after free security issue has been found in the Dev Tools
component of the Chromium browser engine before version 95.0.4638.54.

A heap buffer overflow security issue has been found in the PDFium
component of the Chromium browser engine before version 95.0.4638.54.

A use after free security issue has been found in the V8 component of
the Chromium browser engine before version 95.0.4638.54.

A heap buffer overflow security issue has been found in the Settings
component of the Chromium browser engine before version 95.0.4638.54.

A use after free security issue has been found in the Network APIs
component of the Chromium browser engine before version 95.0.4638.54.

A use after free security issue has been found in the Profiles
component of the Chromium browser engine before version 95.0.4638.54.

An inappropriate implementation security issue has been found in the
Blink component of the Chromium browser engine before version
95.0.4638.54.

An inappropriate implementation security issue has been found in the
WebView component of the Chromium browser engine before version
95.0.4638.54.

A race security issue has been found in the V8 component of the
Chromium browser engine before version 95.0.4638.54.

An out of bounds read security issue has been found in the WebAudio
component of the Chromium browser engine before version 95.0.4638.54.

A use after free security issue has been found in the PDF Accessibility
component of the Chromium browser engine before version 95.0.4638.54.

An inappropriate implementation security issue has been found in the
iFrame Sandbox component of the Chromium browser engine before version
95.0.4638.54.

An inappropriate implementation security issue has been found in the
WebApp Installer component of the Chromium browser engine before
version 95.0.4638.54.

An insufficient validation of untrusted input security issue has been
found in the Downloads component of the Chromium browser engine before
version 95.0.4638.54.

Impact:

A remote attacker could execute arbitrary code or disclose sensitive
information through crafted web content.

References:

https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html
https://crbug.com/1246631
https://crbug.com/1248661
https://crbug.com/1249810
https://crbug.com/1253399
https://crbug.com/1241860
https://crbug.com/1242404
https://crbug.com/1206928
https://crbug.com/1228248
https://crbug.com/1233067
https://crbug.com/1247395
https://crbug.com/1250660
https://crbug.com/1253746
https://crbug.com/1255332
https://crbug.com/1100761
https://crbug.com/1242315
https://crbug.com/1243020
https://security.archlinux.org/CVE-2021-37981
https://security.archlinux.org/CVE-2021-37982
https://security.archlinux.org/CVE-2021-37983
https://security.archlinux.org/CVE-2021-37984
https://security.archlinux.org/CVE-2021-37985
https://security.archlinux.org/CVE-2021-37986
https://security.archlinux.org/CVE-2021-37987
https://security.archlinux.org/CVE-2021-37988
https://security.archlinux.org/CVE-2021-37989
https://security.archlinux.org/CVE-2021-37990
https://security.archlinux.org/CVE-2021-37991
https://security.archlinux.org/CVE-2021-37992
https://security.archlinux.org/CVE-2021-37993
https://security.archlinux.org/CVE-2021-37994
https://security.archlinux.org/CVE-2021-37995
https://security.archlinux.org/CVE-2021-37996