CVE-2021-38003

HIGH KEV

Google Chrome <95.0.4638.69 - Heap Corruption

Title source: llm

Description

Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Exploits (2)

nomisec WORKING POC 38 stars

by SpiralBL0CK · client-side

https://github.com/SpiralBL0CK/Chrome-V8-RCE-CVE-2021-38003

View Code ZIP pw:eip

vulncheck_xdb

client-side

https://github.com/caffeinedoom/CVE-2021-38003

View on vulncheck_xdb

References (5)

[Release Notes] https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html

[Exploit, Issue Tracking] https://crbug.com/1263462

[Release Notes] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/

[Mailing List, Third Party Advisory] https://www.debian.org/security/2022/dsa-5046

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-38003

Scores

CVSS v3 8.8

EPSS 0.7143

EPSS Percentile 98.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2021-11-03

VulnCheck KEV 2021-10-26

InTheWild.io 2021-10-26

ENISA EUVD EUVD-2021-24476

Classification

CWE

CWE-755

Status published

Affected Products (4)

google/chrome < 95.0.4638.69

fedoraproject/fedora

debian/debian_linux

Timeline

Published Nov 23, 2021

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026