CVE-2021-38000

MediumKnown Exploited

Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to…

Chrome·CWE-20·Published 2021-11-23

CVSS

6.1

EPSS

0.04

KEV

Yes

Exploits

Vendor statements (2)

cve.orgen

196 chars

Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.

NVDes

242 chars

La comprobación insuficiente de entradas no confiables en Intents en Google Chrome en Android versiones anteriores a 95.0.4638.69, permitía a un atacante remoto navegar arbitrariamente a una URL maliciosa por medio de una página HTML diseñada

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N
3.1	Primary	cve.org	6.1	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
3.1	Primary	cve.org	6.1	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
3.1	Primary	NVD	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
3.1	Secondary	NVD	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N