FreeBSDBDAECFAD-3117-11EC-B3B0-3065EC8FD3ECchromium -- multiple vulnerabilities
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
70.2%
Chrome Releases reports:
This release contains 19 security fixes, including:
[1246631] High CVE-2021-37981: Heap buffer overflow in Skia.
Reported by Yangkang (@dnpushme) of 360 ATA on 2021-09-04
[1248661] High CVE-2021-37982: Use after free in Incognito.
Reported by Weipeng Jiang (@Krace) from Codesafe Team of
Legendsec at Qiβanxin Group on 2021-09-11
[1249810] High CVE-2021-37983: Use after free in Dev Tools.
Reported by Zhihua Yao of KunLun Lab on 2021-09-15
[1253399] High CVE-2021-37984: Heap buffer overflow in PDFium.
Reported by Antti LevomΓ€ki, Joonas Pihlaja andChristian Jali
from Forcepoint on 2021-09-27
[1241860] High CVE-2021-37985: Use after free in V8. Reported
by Yangkang (@dnpushme) of 360 ATA on 2021-08-20
[1242404] Medium CVE-2021-37986: Heap buffer overflow in
Settings. Reported by raven (@raid_akame) on 2021-08-23
[1206928] Medium CVE-2021-37987: Use after free in Network APIs.
Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-08
[1228248] Medium CVE-2021-37988: Use after free in Profiles.
Reported by raven (@raid_akame) on 2021-07-12
[1233067] Medium CVE-2021-37989: Inappropriate implementation
in Blink. Reported by Matt Dyas, Ankur Sundara on 2021-07-26
[1247395] Medium CVE-2021-37990: Inappropriate implementation
in WebView. Reported by Kareem Selim of CyShield on
2021-09-07
[1250660] Medium CVE-2021-37991: Race in V8. Reported by Samuel
Gross of Google Project Zero on 2021-09-17
[1253746] Medium CVE-2021-37992: Out of bounds read in WebAudio.
Reported by sunburst@Ant Security Light-Year Lab on
2021-09-28
[1255332] Medium CVE-2021-37993: Use after free in PDF
Accessibility. Reported by Cassidy Kim of Amber Security Lab,
OPPO Mobile Telecommunications Corp. Ltd. on 2021-10-02
[1243020] Medium CVE-2021-37996: Insufficient validation of
untrusted input in Downloads. Reported by Anonymous on
2021-08-24
[1100761] Low CVE-2021-37994: Inappropriate implementation in
iFrame Sandbox. Reported by David Erceg on 2020-06-30
[1242315] Low CVE-2021-37995: Inappropriate implementation in
WebApp Installer. Reported by Terence Eden on 2021-08-23
Related
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
70.2%