CVE-2021-38003

CVSS 8.8 HIGH · EPSS 36.2% · KEV · CWE-755

In short

A flaw in Chrome's V8 JavaScript engine allows attackers to corrupt memory on your computer by tricking you into visiting a malicious webpage. This can lead to crashes or potentially allow the attacker to run harmful code.

Technical detail

Improper bounds checking in V8's memory handling allows remote code execution through heap corruption. The attack vector is network-based (a malicious HTML page) and requires user interaction (a page visit). Precondition for exploitation: the victim must open a crafted webpage in a vulnerable Chrome version. Impact includes arbitrary code execution with the user's privileges.

Summary generated and translated by AI from the official description.
Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chrome