CVE-2021-21148
CVE-2021-21148
In short
A flaw in Chrome's JavaScript engine (V8) allows attackers to overflow a memory buffer on the heap through a malicious webpage, potentially corrupting data and gaining unauthorized control.
Technical detail
Heap buffer overflow in V8 via CWE-787 (out-of-bounds write) exploitable through crafted HTML/JavaScript delivered to users; requires user to visit attacker-controlled site but no additional user interaction beyond that; impacts confidentiality, integrity, and availability of the browser process.
Summary generated and translated by AI from the official description.
Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chromepublic PoCs found — 2
githubgithub.com/Grayhaxor/CVE-2021-21148★ 2cve_referencepacketstormsecurity.com/files/162579/Chrome-Array-Transfer-Bypass.htmlunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/162579/Chrome-Array-Transfer-Bypass.htmlhttps://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.htmlhttps://crbug.com/1170176https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ACWYJ74Z3YN2XH4QMUEGNBC3VXX464L/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUQSMNV7INLDDSD3RKI5S5EAULX2QC7P/https://security.gentoo.org/glsa/202104-08https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21148https://www.debian.org/security/2021/dsa-4858