CVSS3 : 9.6 High
Attack Vector : NETWORK
Attack Complexity : LOW
Privileges Required : NONE
User Interaction : REQUIRED
Scope : CHANGED
Confidentiality Impact : HIGH
Integrity Impact : HIGH
Availability Impact : HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS2 : 6.8 Medium
Access Vector : NETWORK
Access Complexity : MEDIUM
Authentication : NONE
Confidentiality Impact : PARTIAL
Integrity Impact : PARTIAL
Availability Impact : PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS : 0.019 Low
Percentile : 88.5%

Severity: High
Date    : 2021-10-29
CVE-ID  : CVE-2021-37997 CVE-2021-37998 CVE-2021-37999 CVE-2021-38000
          CVE-2021-38001 CVE-2021-38002 CVE-2021-38003
Package : chromium
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2504

The package chromium before version 95.0.4638.69-1 is vulnerable to
multiple issues including arbitrary code execution and insufficient
validation.

Upgrade to 95.0.4638.69-1.

The problems have been fixed upstream in version 95.0.4638.69.

Workaround: None.

A use after free security issue has been found in the Sign-In component
of the Chromium browser engine before version 95.0.4638.69.

A use after free security issue has been found in the Garbage
Collection component of the Chromium browser engine before version
95.0.4638.69.

An insufficient data validation security issue has been found in the
New Tab Page component of the Chromium browser engine before version
95.0.4638.69.

An insufficient validation of untrusted input security issue has been
found in the Intents component of the Chromium browser engine before
version 95.0.4638.69. Google is aware that an exploit for
CVE-2021-38000 exists in the wild.

A type confusion security issue has been found in the V8 component of
the Chromium browser engine before version 95.0.4638.69.

A use after free security issue has been found in the Web Transport
component of the Chromium browser engine before version 95.0.4638.69.

An inappropriate implementation security issue has been found in the V8
component of the Chromium browser engine before version 95.0.4638.69.
Google is aware that an exploit for CVE-2021-38003 exists in the wild.

A remote attacker could execute arbitrary code through crafted web
content. Google is aware that exploits for two of the security issues
exist in the wild.

https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
https://crbug.com/1259864
https://crbug.com/1259587
https://crbug.com/1251541
https://crbug.com/1249962
https://crbug.com/1260577
https://crbug.com/1260940
https://crbug.com/1263462
https://security.archlinux.org/CVE-2021-37997
https://security.archlinux.org/CVE-2021-37998
https://security.archlinux.org/CVE-2021-37999
https://security.archlinux.org/CVE-2021-38000
https://security.archlinux.org/CVE-2021-38001
https://security.archlinux.org/CVE-2021-38002
https://security.archlinux.org/CVE-2021-38003