CVE-2021-4102

CVSS 8.8 HIGHEPSS 7.8%● KEVCWE-416

In short

Google Chrome had a flaw where freed memory could still be accessed, allowing attackers to crash the browser or potentially run malicious code through a specially crafted webpage.

Technical detail

Use-after-free vulnerability in V8 engine allows remote attacker to trigger heap corruption via malicious HTML. Exploitation requires user to visit crafted page; successful exploitation can lead to arbitrary code execution or denial of service.

Summary generated and translated by AI from the official description.

Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Google · Chrome

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html https://crbug.com/1278387 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4102