CVE-2021-21224

HIGH KEV

Google Chrome <90.0.4430.85 - RCE

Title source: llm

Description

Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Exploits (2)

vulncheck_xdb NO CODE

client-side

https://github.com/maldev866/ChExp_CVE_2021_21224

View Code ZIP pw:eip

inthewild

poc

https://github.com/ohnonoyesyes/cve-2021-21224

View on inthewild

References (8)

[Release Notes] https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html

[Exploit, Issue Tracking] https://crbug.com/1195777

[Release Notes] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG/

[Release Notes] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY/

[Release Notes] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A/

[Third Party Advisory] https://security.gentoo.org/glsa/202104-08

[Mailing List, Third Party Advisory] https://www.debian.org/security/2021/dsa-4906

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21224

Scores

CVSS v3 8.8

EPSS 0.4692

EPSS Percentile 97.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03

VulnCheck KEV 2021-06-08

InTheWild.io 2021-04-20

ENISA EUVD EUVD-2021-8615

CWE

CWE-843

Status published

Products (5)

debian/debian_linux 10.0

fedoraproject/fedora 32

fedoraproject/fedora 33

fedoraproject/fedora 34

google/chrome < 90.0.4430.85

Published Apr 26, 2021

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026