6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
0.008 Low
EPSS
Percentile
81.5%
Chrome Releases reports:
This release contains 25 security fixes, including:
[1263620] High CVE-2021-38008: Use after free in media. Reported
by Marcin Towalski of Cisco Talos on 2021-10-26
[1260649] High CVE-2021-38009: Inappropriate implementation in
cache. Reported by Luan Herrera (@lbherrera_) on 2021-10-16
[1240593] High CVE-2021-38006: Use after free in storage
foundation. Reported by Sergei Glazunov of Google Project Zero on
2021-08-17
[1254189] High CVE-2021-38007: Type Confusion in V8. Reported by
Polaris Feng and SGFvamll at Singular Security Lab on
2021-09-29
[1241091] High CVE-2021-38005: Use after free in loader.
Reported by Sergei Glazunov of Google Project Zero on
2021-08-18
[1264477] High CVE-2021-38010: Inappropriate implementation in
service workers. Reported by Sergei Glazunov of Google Project
Zero on 2021-10-28
[1268274] High CVE-2021-38011: Use after free in storage
foundation. Reported by Sergei Glazunov of Google Project Zero on
2021-11-09
[1262791] Medium CVE-2021-38012: Type Confusion in V8. Reported
by Yonghwi Jin (@jinmo123) on 2021-10-24
[1242392] Medium CVE-2021-38013: Heap buffer overflow in
fingerprint recognition. Reported by raven (@raid_akame) on
2021-08-23
[1248567] Medium CVE-2021-38014: Out of bounds write in
Swiftshader. Reported by Atte Kettunen of OUSPG on 2021-09-10
[957553] Medium CVE-2021-38015: Inappropriate implementation in
input. Reported by David Erceg on 2019-04-29
[1244289] Medium CVE-2021-38016: Insufficient policy
enforcement in background fetch. Reported by Maurice Dauer on
2021-08-28
[1256822] Medium CVE-2021-38017: Insufficient policy enforcement
in iframe sandbox. Reported by NDevTK on 2021-10-05
[1197889] Medium CVE-2021-38018: Inappropriate implementation in
navigation. Reported by Alesandro Ortiz on 2021-04-11
[1251179] Medium CVE-2021-38019: Insufficient policy enforcement
in CORS. Reported by Maurice Dauer on 2021-09-20
[1259694] Medium CVE-2021-38020: Insufficient policy enforcement
in contacts picker. Reported by Luan Herrera (@lbherrera_) on
2021-10-13
[1233375] Medium CVE-2021-38021: Inappropriate implementation in
referrer. Reported by Prakash (@1lastBr3ath) and Jun Kokatsu on
2021-07-27
[1248862] Low CVE-2021-38022: Inappropriate implementation in
WebAuthentication. Reported by Michal Kepkowski on 2021-09-13
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
0.008 Low
EPSS
Percentile
81.5%