CVE-2021-37975
CVE-2021-37975
In short
Google Chrome's V8 JavaScript engine had a use-after-free flaw that allowed attackers to corrupt memory and potentially take control of your computer through a malicious website.
Technical detail
Use-after-free vulnerability in V8 JavaScript engine (CWE-416) enables remote code execution via heap corruption when processing crafted HTML. Attack vector is network-based requiring user interaction (visiting malicious page); impacts versions prior to 94.0.4606.71.
Summary generated and translated by AI from the official description.
Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chromepublic PoCs found — 1
cve_referencepacketstormsecurity.com/files/172847/Chrome-V8-Logic-Bug-Use-After-Free.htmlunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/172847/Chrome-V8-Logic-Bug-Use-After-Free.htmlhttps://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.htmlhttps://crbug.com/1252918https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D63JZ3ROXCUHP4CFWDHCPZNTGET7T34R/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRFXUDH46PFVE75VQVWY6PYY5DK3S2XT/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNARCF5HEZK7GJXZRN5TQ45AQDCRM2WO/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-37975https://www.debian.org/security/2022/dsa-5046