Lucene search

[email protected]CVE-2021-21106

HistoryJan 08, 2021 - 7:15 p.m.

CVE-2021-21106

2021-01-0819:15:00

CWE-416

[email protected]

web.nvd.nist.gov

156

cve-2021-21106

google chrome

autofill

remote code execution

sandbox escape

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.006 Low

EPSS

Percentile

78.1%

JSON

Use after free in autofill in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CPENameOperatorVersion
google:chromegoogle chromelt87.0.4280.141
fedoraproject:fedorafedoraproject fedoraeq32
fedoraproject:fedorafedoraproject fedoraeq33
debian:debian_linuxdebian debian linuxeq10.0

CPE	Name	Operator	Version
google:chrome	google chrome	lt	87.0.4280.141
fedoraproject:fedora	fedoraproject fedora	eq	32
fedoraproject:fedora	fedoraproject fedora	eq	33
debian:debian_linux	debian debian linux	eq	10.0