FreeBSD9FBA80E0-A771-11EB-97A0-E09467587C17chromium -- multiple vulnerabilities
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.016 Low
EPSS
Percentile
87.3%
Chrome Releases reports:
This release contains 9 security fixes, including:
[1199345] High CVE-2021-21227: Insufficient data validation in
V8. Reported by Gengming Liu of Singular Security Lab on
2021-04-15
[1175058] High CVE-2021-21232: Use after free in Dev Tools.
Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability
Research on 2021-02-05
[1182937] High CVE-2021-21233: Heap buffer overflow in ANGLE.
Reported by Omair on 2021-02-26
[1139156] Medium CVE-2021-21228: Insufficient policy enforcement
in extensions. Reported by Rob Wu on 2020-10-16
[$TBD][1198165] Medium CVE-2021-21229: Incorrect security UI in
downloads. Reported by Mohit Raj (shadow2639) on 2021-04-12
[1198705] Medium CVE-2021-21230: Type Confusion in V8. Reported
by Manfred Paul on 2021-04-13
[1198696] Low CVE-2021-21231: Insufficient data validation in
V8. Reported by Sergei Glazunov of Google Project Zero on
2021-04-13
Related
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.016 Low
EPSS
Percentile
87.3%