CISA KEV Information
| Vulnerability name | Google Chromium V8 Memory Corruption Vulnerability |
|---|---|
| Description | Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. |
| Required action | Apply updates per vendor instructions. |
| Known ransomware campaign use | Unknown |
| CWE | CWE-122, CWE-755 |
| Date added (KEV) | 2021-11-03 |
| Due date | 2021-11-17 |
| Additional notes | https://nvd.nist.gov/vuln/detail/CVE-2021-38003 |
NVD Details
CVSS v3.1: 8.8 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v2.0: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Description: Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CWE: CWE-755
References
- https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html [Release Notes]
- https://crbug.com/1263462 [Exploit, Issue Tracking]
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/ [Release Notes]
- https://www.debian.org/security/2022/dsa-5046 [Mailing List, Third Party Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-38003 [US Government Resource]
This product uses the NVD API but is not endorsed or certified by the NVD.