CVE-2021-38003

HighKnown Exploited

Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption…

Chrome·CWE-755·Published 2021-11-23

CVSS

8.8

EPSS

0.36

KEV

Yes

Exploits

Vendor statements (2)

cve.orgen

163 chars

Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

NVDes

207 chars

Una implementación inapropiada de V8 en Google Chrome versiones anteriores a 95.0.4638.69, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
3.1	Primary	cve.org	8.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	8.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H