Lucene search

K
freebsdFreeBSD976D7BF9-38EA-11EC-B3B0-3065EC8FD3EC
HistoryOct 28, 2021 - 12:00 a.m.

chromium -- multiple vulnerabilities

2021-10-2800:00:00
vuxml.freebsd.org
37

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.021

Percentile

89.1%

Chrome Releases reports:

This release contains 8 security fixes, including:

[1259864] High CVE-2021-37997 : Use after free in Sign-In.
Reported by Wei Yuan of MoyunSec VLab on 2021-10-14
[1259587] High CVE-2021-37998 : Use after free in Garbage
Collection. Reported by Cassidy Kim of Amber Security Lab, OPPO
Mobile Telecommunications Corp. Ltd. on 2021-10-13
[1251541] High CVE-2021-37999 : Insufficient data validation in
New Tab Page. Reported by Ashish Arun Dhone on 2021-09-21
[1249962] High CVE-2021-38000 : Insufficient validation of
untrusted input in Intents. Reported by Clement Lecigne, Neel
Mehta, and Maddie Stone of Google Threat Analysis Group on
2021-09-15
[1260577] High CVE-2021-38001 : Type Confusion in V8. Reported
by @s0rrymybad of Kunlun Lab via Tianfu Cup on 2021-10-16
[1260940] High CVE-2021-38002 : Use after free in Web Transport.
Reported by @__R0ng of 360 Alpha Lab, ? via Tianfu Cup on
2021-10-16
[1263462] High CVE-2021-38003 : Inappropriate implementation in
V8. Reported by Clément Lecigne from Google TAG and Samuel Gross
from Google Project Zero on 2021-10-26

Google is aware that exploits for CVE-2021-38000 and
CVE-2021-38003 exist in the wild.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchchromium< 95.0.4638.69UNKNOWN

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.021

Percentile

89.1%