6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
0.414 Medium
EPSS
Percentile
97.3%
Chrome Releases reports:
This release contains 37 security fixes, including:
[1025683] High CVE-2021-21201: Use after free in permissions.
Reported by Gengming Liu, Jianyu Chen at Tencent Keen Security
Lab on 2019-11-18
[1188889] High CVE-2021-21202: Use after free in extensions.
Reported by David Erceg on 2021-03-16
[1192054] High CVE-2021-21203: Use after free in Blink.
Reported by asnine on 2021-03-24
[1189926] High CVE-2021-21204: Use after free in Blink.
Reported by Chelse Tsai-Simek, Jeanette Ulloa, and Emily
Voigtlander of Seesaw on 2021-03-19
[1165654] High CVE-2021-21205: Insufficient policy enforcement
in navigation. Reported by Alison Huffman, Microsoft Browser
Vulnerability Research on 2021-01-12
[1195333] High CVE-2021-21221: Insufficient validation of
untrusted input in Mojo. Reported by Guang Gong of Alpha Lab,
Qihoo 360 on 2021-04-02
[1185732] Medium CVE-2021-21207: Use after free in IndexedDB.
Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13)
of 360 Alpha Lab on 2021-03-08
[1039539] Medium CVE-2021-21208: Insufficient data validation
in QR scanner. Reported by Ahmed Elsobky (@0xsobky) on
2020-01-07
[1143526] Medium CVE-2021-21209: Inappropriate implementation
in storage. Reported by Tom Van Goethem (@tomvangoethem) on
2020-10-29
[1184562] Medium CVE-2021-21210: Inappropriate implementation
in Network. Reported by @bananabr on 2021-03-04
[1103119] Medium CVE-2021-21211: Inappropriate implementation
in Navigation. Reported by Akash Labade (m0ns7er) on
2020-07-08
[1145024] Medium CVE-2021-21212: Incorrect security UI in
Network Config UI. Reported by Hugo Hue and Sze Yiu Chau of the
Chinese University of Hong Kong on 2020-11-03
[1161806] Medium CVE-2021-21213: Use after free in WebMIDI.
Reported by raven (@raid_akame) on 2020-12-25
[1170148] Medium CVE-2021-21214: Use after free in Network API.
Reported by Anonymous on 2021-01-24
[1172533] Medium CVE-2021-21215: Inappropriate implementation
in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser
Vulnerability Research on 2021-01-30
[1173297] Medium CVE-2021-21216: Inappropriate implementation
in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser
Vulnerability Research on 2021-02-02
[1166462] Low CVE-2021-21217: Uninitialized Use in PDFium.
Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on
2021-01-14
[1166478] Low CVE-2021-21218: Uninitialized Use in PDFium.
Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on
2021-01-14
[1166972] Low CVE-2021-21219: Uninitialized Use in PDFium.
Reported by Zhou Aiting (@zhouat1) of Qihoo 360 Vulcan Team on
2021-01-15
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
0.414 Medium
EPSS
Percentile
97.3%