Gentoo update for Chromium, Google Chrome
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 89 |
| CVE-ID | CVE-2021-21142 CVE-2021-21143 CVE-2021-21144 CVE-2021-21145 CVE-2021-21146 CVE-2021-21147 CVE-2021-21148 CVE-2021-21149 CVE-2021-21150 CVE-2021-21151 CVE-2021-21152 CVE-2021-21153 CVE-2021-21154 CVE-2021-21155 CVE-2021-21156 CVE-2021-21157 CVE-2021-21159 CVE-2021-21160 CVE-2021-21161 CVE-2021-21162 CVE-2021-21163 CVE-2021-21165 CVE-2021-21166 CVE-2021-21167 CVE-2021-21168 CVE-2021-21169 CVE-2021-21170 CVE-2021-21171 CVE-2021-21172 CVE-2021-21173 CVE-2021-21174 CVE-2021-21175 CVE-2021-21176 CVE-2021-21177 CVE-2021-21178 CVE-2021-21179 CVE-2021-21180 CVE-2021-21181 CVE-2021-21182 CVE-2021-21183 CVE-2021-21184 CVE-2021-21185 CVE-2021-21186 CVE-2021-21187 CVE-2021-21188 CVE-2021-21189 CVE-2021-2119 CVE-2021-21191 CVE-2021-21192 CVE-2021-21193 CVE-2021-21194 CVE-2021-21195 CVE-2021-21196 CVE-2021-21197 CVE-2021-21198 CVE-2021-21199 CVE-2021-21201 CVE-2021-21202 CVE-2021-21203 CVE-2021-21204 CVE-2021-21205 CVE-2021-21206 CVE-2021-21207 CVE-2021-21208 CVE-2021-21209 CVE-2021-21210 CVE-2021-21211 CVE-2021-21212 CVE-2021-21213 CVE-2021-21214 CVE-2021-21215 CVE-2021-21216 CVE-2021-21217 CVE-2021-21218 CVE-2021-21219 CVE-2021-21220 CVE-2021-21221 CVE-2021-21222 CVE-2021-21223 CVE-2021-21224 CVE-2021-21225 CVE-2021-21226 CVE-2021-21227 CVE-2021-21228 CVE-2021-21229 CVE-2021-21230 CVE-2021-21231 CVE-2021-21232 CVE-2021-21233 |
| CWE-ID | CWE-416 CWE-122 CWE-358 CWE-121 CWE-20 CWE-264 CWE-451 CWE-310 CWE-125 CWE-908 CWE-190 CWE-843 CWE-787 CWE-119 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #7 is being exploited in the wild. Vulnerability #23 is being exploited in the wild. Public exploit code for vulnerability #29 is available. Public exploit code for vulnerability #47 is available. Vulnerability #50 is being exploited in the wild. Vulnerability #62 is being exploited in the wild. Vulnerability #76 is being exploited in the wild. Vulnerability #80 is being exploited in the wild. |
| Vulnerable software |
Gentoo Linux Operating systems & Components / Operating system |
| Vendor | Gentoo |
Security Bulletin
This security bulletin contains information about 89 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU50259
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21142
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Payments component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Heap-based buffer overflow
EUVDB-ID: #VU50260
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21143
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Extensions. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Heap-based buffer overflow
EUVDB-ID: #VU50261
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21144
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Tab Groups. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use-after-free
EUVDB-ID: #VU50262
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21145
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Fonts component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use-after-free
EUVDB-ID: #VU50263
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21146
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Navigation component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improperly implemented security check for standard
EUVDB-ID: #VU50264
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21147
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Skia in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Heap-based buffer overflow
EUVDB-ID: #VU50372
Risk: Critical
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2021-21148
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Update the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
8) Stack-based buffer overflow
EUVDB-ID: #VU50755
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21149
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in Data Transfer in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free
EUVDB-ID: #VU50747
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21150
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Downloads component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use-after-free
EUVDB-ID: #VU50748
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21151
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Payments component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Heap-based buffer overflow
EUVDB-ID: #VU50749
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21152
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Media. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Stack-based buffer overflow
EUVDB-ID: #VU50756
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21153
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in GPU Process in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Heap-based buffer overflow
EUVDB-ID: #VU50750
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21154
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Tab Strip . A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Heap-based buffer overflow
EUVDB-ID: #VU50751
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21155
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Tab Strip . A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Heap-based buffer overflow
EUVDB-ID: #VU50752
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21156
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in V8. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use-after-free
EUVDB-ID: #VU50753
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21157
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Web Sockets in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Heap-based buffer overflow
EUVDB-ID: #VU51122
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21159
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in TabStrip. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Heap-based buffer overflow
EUVDB-ID: #VU51123
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21160
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in WebAudio. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Heap-based buffer overflow
EUVDB-ID: #VU51124
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21161
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in TabStrip. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Use-after-free
EUVDB-ID: #VU51125
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21162
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the WebRTC component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Input validation error
EUVDB-ID: #VU51126
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21163
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper input validation in Reader Mode in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage and execute arbitrary code on the system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Improper control of a resource through its lifetime
EUVDB-ID: #VU51165
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21165
CWE-ID: N/A
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper control of object lifetime in audio in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Improper control of a resource through its lifetime
EUVDB-ID: #VU51166
Risk: Critical
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2021-21166
CWE-ID: N/A
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper control of object lifetime in audio in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited in the wild.
Update the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
24) Use-after-free
EUVDB-ID: #VU51128
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21167
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within bookmarks in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU51129
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21168
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in appcache in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Improper control of a resource through its lifetime
EUVDB-ID: #VU51167
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21169
CWE-ID: N/A
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to crash the browser.
The vulnerability exists due to a boundary condition within the V8 component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and crash the browser.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Spoofing attack
EUVDB-ID: #VU51130
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21170
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient validation of user-supplied input in Loader in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Spoofing attack
EUVDB-ID: #VU51131
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21171
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient validation of user-supplied input in TabStrip and Navigation in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU51132
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2021-21172
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in File System API in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
30) Cryptographic issues
EUVDB-ID: #VU51133
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21173
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to side-channel information leak in Network Internals. Chrome Medium. A remote attacker can create a specially crafted web page, trick the victim into opening it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Improperly implemented security check for standard
EUVDB-ID: #VU51134
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21174
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Referrer in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Improperly implemented security check for standard
EUVDB-ID: #VU51135
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21175
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Site isolation in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Improperly implemented security check for standard
EUVDB-ID: #VU51136
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21176
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in full screen mode in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU51137
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21177
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in Autofill in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Improperly implemented security check for standard
EUVDB-ID: #VU51138
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21178
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Compositing in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Use-after-free
EUVDB-ID: #VU51139
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21179
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Network Internals in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Use-after-free
EUVDB-ID: #VU51140
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21180
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within tab search in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Cryptographic issues
EUVDB-ID: #VU51141
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21181
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to side-channel information leak in autofill. Chrome Medium. A remote attacker can create a specially crafted web page, trick the victim into opening it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU51142
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-21182
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in navigations in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Improperly implemented security check for standard
EUVDB-ID: #VU51143
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-21183
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in performance APIs in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Improperly implemented security check for standard
EUVDB-ID: #VU51144
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-21184
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in performance APIs in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU51145
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-21185
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in extensions in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU51146
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-21186
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in QR scanning in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Input validation error
EUVDB-ID: #VU51147
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-21187
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in URL formatting in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Use-after-free
EUVDB-ID: #VU51148
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-21188
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to use-after-free error in Blink in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU51149
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-21189
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in payments in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Improper input validation
EUVDB-ID: #VU49870
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2021-2119
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a local privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Use-after-free
EUVDB-ID: #VU51434
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21191
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within WebRTC component in Google Chrome. A remote attacker can trick the victim top open a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Heap-based buffer overflow
EUVDB-ID: #VU51435
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21192
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the tab groups implementation in Google Chrome. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Use-after-free
EUVDB-ID: #VU51436
Risk: Critical
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2021-21193
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Blink component in Google Chrome. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Note, this vulnerability is being actively exploited in the wild.
Update the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
51) Use-after-free
EUVDB-ID: #VU51797
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21194
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the screen capture component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Use-after-free
EUVDB-ID: #VU51798
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21195
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Heap-based buffer overflow
EUVDB-ID: #VU51799
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21196
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in TabStrip. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Heap-based buffer overflow
EUVDB-ID: #VU51800
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21197
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in TabStrip. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Out-of-bounds read
EUVDB-ID: #VU51801
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21198
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the IPC component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Use-after-free
EUVDB-ID: #VU51806
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21199
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in Aura in Google Chrome. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Use-after-free
EUVDB-ID: #VU52232
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21201
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the permissions component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Use-after-free
EUVDB-ID: #VU52233
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21202
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the extensions component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Use-after-free
EUVDB-ID: #VU52234
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21203
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Blink component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Use-after-free
EUVDB-ID: #VU52235
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21204
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Blink component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU52236
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21205
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in navigation in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and compromise the affected system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Use-after-free
EUVDB-ID: #VU52198
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2021-21206
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in Blink in Google Chrome. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
63) Use-after-free
EUVDB-ID: #VU52237
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21207
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within IndexedDB in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Input validation error
EUVDB-ID: #VU52238
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21208
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in QR scanner in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Improperly implemented security check for standard
EUVDB-ID: #VU52239
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21209
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in storage in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Improperly implemented security check for standard
EUVDB-ID: #VU52240
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21210
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Network in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Improperly implemented security check for standard
EUVDB-ID: #VU52241
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21211
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Navigation in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Spoofing attack
EUVDB-ID: #VU52242
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21212
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient validation of user-supplied input in Network Config UI in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Use-after-free
EUVDB-ID: #VU52243
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21213
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within WebMIDI in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Use-after-free
EUVDB-ID: #VU52244
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21214
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Network API in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Improperly implemented security check for standard
EUVDB-ID: #VU52245
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21215
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Autofill in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Improperly implemented security check for standard
EUVDB-ID: #VU52246
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21216
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Autofill in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Use of uninitialized resource
EUVDB-ID: #VU52247
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-21217
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to usage of uninitialized resources in PDFium in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Use of uninitialized resource
EUVDB-ID: #VU52248
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-21218
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to usage of uninitialized resources in PDFium in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Use of uninitialized resource
EUVDB-ID: #VU52249
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-21219
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to usage of uninitialized resources in PDFium in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Integer overflow
EUVDB-ID: #VU52059
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Green]
CVE-ID: CVE-2021-21220
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger integer overflow and execute arbitrary code on the target system.
Note, successful exploitation of this vulnerability may result in complete compromise of vulnerable system but requires additional vulnerability to escape browser's sandbox.
Update the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
77) Input validation error
EUVDB-ID: #VU52250
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21221
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input in Mojo in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into opening it and execute arbitrary code on the system.
Update the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Heap-based buffer overflow
EUVDB-ID: #VU52370
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21222
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in V8 browser engine. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Integer overflow
EUVDB-ID: #VU52373
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21223
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in V8 browser engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Type Confusion
EUVDB-ID: #VU52371
Risk: Critical
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2021-21224
CWE-ID:
CWE-843 - Type confusion
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 browser engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Update the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Out-of-bounds write
EUVDB-ID: #VU52374
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21225
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input within the V8 browser engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Use-after-free
EUVDB-ID: #VU52372
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21226
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the navigation component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Input validation error
EUVDB-ID: #VU52602
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-21227
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in V8. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU52611
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21228
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in extensions. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and compromise the affected system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU52613
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21229
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to incorrect security UI in downloads. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and compromise the affected system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Type Confusion
EUVDB-ID: #VU52618
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21230
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error in V8. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Input validation error
EUVDB-ID: #VU52624
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-21231
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in V8. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Use-after-free
EUVDB-ID: #VU52606
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21232
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in Dev Tools. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Buffer overflow
EUVDB-ID: #VU52608
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-21233
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in ANGLE. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
www-client/chromium to version: 90.0.4430.93
www-client/google-chrome to version: 90.0.4430.93
Gentoo Linux: All versions
CPE2.3 External linkshttp://security.gentoo.org/
http://security.gentoo.org/glsa/202104-08
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
