9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
81.1%
Severity: High
Date : 2021-11-18
CVE-ID : CVE-2021-38005 CVE-2021-38006 CVE-2021-38007 CVE-2021-38008
CVE-2021-38009 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012
CVE-2021-38013 CVE-2021-38014 CVE-2021-38015 CVE-2021-38016
CVE-2021-38017 CVE-2021-38018 CVE-2021-38019 CVE-2021-38020
CVE-2021-38021 CVE-2021-38022
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-2560
The package chromium before version 96.0.4664.45-1 is vulnerable to
multiple issues including arbitrary code execution, access restriction
bypass, content spoofing, information disclosure, same-origin policy
bypass, sandbox escape and denial of service.
Upgrade to 96.0.4664.45-1.
The problems have been fixed upstream in version 96.0.4664.45.
None.
A use after free security issue has been found in the loader component
of the Chromium browser engine before version 96.0.4664.45.
A use after free security issue has been found in the storage
foundation component of the Chromium browser engine before version
96.0.4664.45.
A type confusion security issue has been found in the V8 component of
the Chromium browser engine before version 96.0.4664.45.
A use after free security issue has been found in the media component
of the Chromium browser engine before version 96.0.4664.45.
An inappropriate implementation security issue has been found in the
cache component of the Chromium browser engine before version
96.0.4664.45.
An inappropriate implementation security issue has been found in the
service workers component of the Chromium browser engine before version
96.0.4664.45.
A use after free security issue has been found in the storage
foundation component of the Chromium browser engine before version
96.0.4664.45.
A type confusion security issue has been found in the V8 component of
the Chromium browser engine before version 96.0.4664.45.
A heap buffer overflow security issue has been found in the fingerprint
recognition component of the Chromium browser engine before version
96.0.4664.45.
An out of bounds write security issue has been found in the Swiftshader
component of the Chromium browser engine before version 96.0.4664.45.
An inappropriate implementation security issue has been found in the
input component of the Chromium browser engine before version
96.0.4664.45.
An insufficient policy enforcement security issue has been found in the
background fetch component of the Chromium browser engine before
version 96.0.4664.45.
An insufficient policy enforcement security issue has been found in the
iframe sandbox component of the Chromium browser engine before version
96.0.4664.45.
An inappropriate implementation security issue has been found in the
navigation component of the Chromium browser engine before version
96.0.4664.45.
An insufficient policy enforcement security issue has been found in the
CORS component of the Chromium browser engine before version
96.0.4664.45.
An insufficient policy enforcement security issue has been found in the
contacts picker component of the Chromium browser engine before version
96.0.4664.45.
An inappropriate implementation security issue has been found in the
referrer component of the Chromium browser engine before version
96.0.4664.45.
An inappropriate implementation security issue has been found in the
WebAuthentication component of the Chromium browser engine before
version 96.0.4664.45.
A remote attacker could execute arbitrary code, spoof content, bypass
security restrictions or crash the browser through crafted web content.
https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html
https://crbug.com/1241091
https://crbug.com/1240593
https://crbug.com/1254189
https://crbug.com/1263620
https://crbug.com/1260649
https://crbug.com/1264477
https://crbug.com/1268274
https://crbug.com/1262791
https://crbug.com/1242392
https://crbug.com/1248567
https://crbug.com/957553
https://crbug.com/1244289
https://crbug.com/1256822
https://crbug.com/1197889
https://crbug.com/1251179
https://crbug.com/1259694
https://crbug.com/1233375
https://crbug.com/1248862
https://security.archlinux.org/CVE-2021-38005
https://security.archlinux.org/CVE-2021-38006
https://security.archlinux.org/CVE-2021-38007
https://security.archlinux.org/CVE-2021-38008
https://security.archlinux.org/CVE-2021-38009
https://security.archlinux.org/CVE-2021-38010
https://security.archlinux.org/CVE-2021-38011
https://security.archlinux.org/CVE-2021-38012
https://security.archlinux.org/CVE-2021-38013
https://security.archlinux.org/CVE-2021-38014
https://security.archlinux.org/CVE-2021-38015
https://security.archlinux.org/CVE-2021-38016
https://security.archlinux.org/CVE-2021-38017
https://security.archlinux.org/CVE-2021-38018
https://security.archlinux.org/CVE-2021-38019
https://security.archlinux.org/CVE-2021-38020
https://security.archlinux.org/CVE-2021-38021
https://security.archlinux.org/CVE-2021-38022
chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html
crbug.com/1197889
crbug.com/1233375
crbug.com/1240593
crbug.com/1241091
crbug.com/1242392
crbug.com/1244289
crbug.com/1248567
crbug.com/1248862
crbug.com/1251179
crbug.com/1254189
crbug.com/1256822
crbug.com/1259694
crbug.com/1260649
crbug.com/1262791
crbug.com/1263620
crbug.com/1264477
crbug.com/1268274
crbug.com/957553
security.archlinux.org/AVG-2560
security.archlinux.org/CVE-2021-38005
security.archlinux.org/CVE-2021-38006
security.archlinux.org/CVE-2021-38007
security.archlinux.org/CVE-2021-38008
security.archlinux.org/CVE-2021-38009
security.archlinux.org/CVE-2021-38010
security.archlinux.org/CVE-2021-38011
security.archlinux.org/CVE-2021-38012
security.archlinux.org/CVE-2021-38013
security.archlinux.org/CVE-2021-38014
security.archlinux.org/CVE-2021-38015
security.archlinux.org/CVE-2021-38016
security.archlinux.org/CVE-2021-38017
security.archlinux.org/CVE-2021-38018
security.archlinux.org/CVE-2021-38019
security.archlinux.org/CVE-2021-38020
security.archlinux.org/CVE-2021-38021
security.archlinux.org/CVE-2021-38022
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
81.1%