Risk | High |
Patch available | YES |
Number of vulnerabilities | 18 |
CVE-ID | CVE-2021-38007 CVE-2021-38015 CVE-2021-38022 CVE-2021-38021 CVE-2021-38020 CVE-2021-38019 CVE-2021-38018 CVE-2021-38017 CVE-2021-38016 CVE-2021-38014 CVE-2021-38008 CVE-2021-38013 CVE-2021-38012 CVE-2021-38011 CVE-2021-38010 CVE-2021-38005 CVE-2021-38006 CVE-2021-38009 |
CWE-ID | CWE-843 CWE-358 CWE-264 CWE-787 CWE-416 CWE-122 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Google Chrome (Client/Desktop applications / Web browsers) |
Vendor |
This security bulletin contains information about 18 vulnerabilities.
EUVDB-ID: #VU58155
Risk: High
CVSSv3.1:
CVE-ID: CVE-2021-38007
CWE-ID:
CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Google Chrome 7.0.517.41 - 95.0.4638.69
http://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html
http://crbug.com/1254189
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38007
EUVDB-ID: #VU58165
Risk: High
CVSSv3.1:
CVE-ID: CVE-2021-38015
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in input in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Google Chrome 7.0.517.41 - 95.0.4638.69
http://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html
http://crbug.com/957553
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38015
EUVDB-ID: #VU58172
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-38022
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in WebAuthentication in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Google Chrome 7.0.517.41 - 95.0.4638.69
http://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html
http://crbug.com/1248862
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38022
EUVDB-ID: #VU58171
Risk: High
CVSSv3.1:
CVE-ID: CVE-2021-38021
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in referrer in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Google Chrome 7.0.517.41 - 95.0.4638.69
http://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html
http://crbug.com/1233375
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38021
EUVDB-ID: #VU58170
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-38020
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in contacts picker in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website, bypass implemented security measures and gain access to sensitive information.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Google Chrome 7.0.517.41 - 95.0.4638.69
http://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html
http://crbug.com/1259694
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38020
EUVDB-ID: #VU58169
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-38019
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in CORS in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website, bypass implemented security measures and gain access to sensitive information.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Google Chrome 7.0.517.41 - 95.0.4638.69
http://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html
http://crbug.com/1251179
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38019
EUVDB-ID: #VU58168
Risk: High
CVSSv3.1:
CVE-ID: CVE-2021-38018
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in navigation in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Google Chrome 7.0.517.41 - 95.0.4638.69
http://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html
http://crbug.com/1197889
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38018
EUVDB-ID: #VU58167
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-38017
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in iframe sandbox in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website, bypass implemented security measures and gain access to sensitive information.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Google Chrome 7.0.517.41 - 95.0.4638.69
http://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html
http://crbug.com/1256822
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38017
EUVDB-ID: #VU58166
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-38016
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in background fetch in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted website, bypass implemented security measures and gain access to sensitive information.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Google Chrome 7.0.517.41 - 95.0.4638.69
http://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html
http://crbug.com/1244289
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38016
EUVDB-ID: #VU58164
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-38014
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Swiftshader. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger an out-of-bounds write and execute arbitrary code on the target system.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Google Chrome 7.0.517.41 - 95.0.4638.69
http://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html
http://crbug.com/1248567
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38014
EUVDB-ID: #VU58156
Risk: High
CVSSv3.1:
CVE-ID: CVE-2021-38008
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the media component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Google Chrome 7.0.517.41 - 95.0.4638.69
http://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html
http://crbug.com/1263620
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38008
EUVDB-ID: #VU58163
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-38013
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in fingerprint recognition. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Google Chrome 7.0.517.41 - 95.0.4638.69
http://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html
http://crbug.com/1242392
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38013
EUVDB-ID: #VU58162
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-38012
CWE-ID:
CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a type confusion error and gain access to sensitive information.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Google Chrome 7.0.517.41 - 95.0.4638.69
http://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html
http://crbug.com/1262791
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38012
EUVDB-ID: #VU58161
Risk: High
CVSSv3.1:
CVE-ID: CVE-2021-38011
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the storage foundation component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Google Chrome 7.0.517.41 - 95.0.4638.69
http://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html
http://crbug.com/1268274
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38011
EUVDB-ID: #VU58160
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-38010
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect implementation in service workers in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Google Chrome 7.0.517.41 - 95.0.4638.69
http://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html
http://crbug.com/1264477
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38010
EUVDB-ID: #VU58159
Risk: High
CVSSv3.1:
CVE-ID: CVE-2021-38005
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the loader component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Google Chrome 7.0.517.41 - 95.0.4638.69
http://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html
http://crbug.com/1241091
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38005
EUVDB-ID: #VU58158
Risk: High
CVSSv3.1:
CVE-ID: CVE-2021-38006
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the storage foundation component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Google Chrome 7.0.517.41 - 95.0.4638.69
http://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html
http://crbug.com/1240593
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38006
EUVDB-ID: #VU58157
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-38009
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect implementation in cache in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.
Mitigation: Install the update from the vendor's website.
Vulnerable software versions: Google Chrome 7.0.517.41 - 95.0.4638.69
http://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html
http://crbug.com/1260649
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38009