Rapid7 Vulnerability & Exploit Database

FreeBSD: VID-D153C4D2-50F8-11EB-8046-3065EC8FD3EC (CVE-2021-21108): chromium -- multiple vulnerabilities

Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published: 01/06/2021
Created: 01/11/2021
Added: 01/08/2021
Modified: 03/08/2021

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-D153C4D2-50F8-11EB-8046-3065EC8FD3EC:

Chrome Releases reports:

This release includes 16 security fixes, including:

[1148749] High CVE-2021-21106: Use after free in autofill. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2020-11-13

[1153595] High CVE-2021-21107: Use after free in drag and drop. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-11-30

[1155426] High CVE-2021-21108: Use after free in media. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-12-04

[1152334] High CVE-2021-21109: Use after free in payments. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2020-11-24

[1152451] High CVE-2021-21110: Use after free in safe browsing. Reported by Anonymous on 2020-11-24

[1149125] High CVE-2021-21111: Insufficient policy enforcement in WebUI. Reported by Alesandro Ortiz on 2020-11-15

[1151298] High CVE-2021-21112: Use after free in Blink. Reported by YoungJoo Lee(@ashuu_lee) of Raon Whitehat on 2020-11-20

[1155178] High CVE-2021-21113: Heap buffer overflow in Skia. Reported by tsubmunu on 2020-12-03

[1148309] High CVE-2020-16043: Insufficient data validation in networking. Reported by Samy Kamkar, Ben Seri at Armis, Gregory Vishnepolsky at Armis on 2020-11-12

[1150065] High CVE-2021-21114: Use after free in audio. Reported by Man Yue Mo of GitHub Security Lab on 2020-11-17

[1157790] High CVE-2020-15995: Out of bounds write in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2020-12-11

[1157814] High CVE-2021-21115: Use after free in safe browsing. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-12-11

[1151069] Medium CVE-2021-21116: Heap buffer overflow in audio. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2020-11-19

Solution(s)

  • freebsd-upgrade-package-chromium
