Rapid7 Vulnerability & Exploit Database

FreeBSD: VID-4ED0E43C-5CEF-11EB-BAFD-3065EC8FD3EC (CVE-2021-21126): chromium -- multiple vulnerabilities

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

FreeBSD: VID-4ED0E43C-5CEF-11EB-BAFD-3065EC8FD3EC (CVE-2021-21126): chromium -- multiple vulnerabilities

Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
01/19/2021
Created
01/25/2021
Added
01/23/2021
Modified
03/08/2021

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-4ED0E43C-5CEF-11EB-BAFD-3065EC8FD3EC:

Chrome Releases reports:

This release contains 36 security fixes, including:

[1137179] Critical CVE-2021-21117: Insufficient policy

enforcement in Cryptohome. Reported by Rory McNamara on

2020-10-10

[1161357] High CVE-2021-21118: Insufficient data validation in

V8. Reported by Tyler Nighswander (@tylerni7) of Theori on

2020-12-23

[1160534] High CVE-2021-21119: Use after free in Media. Reported

by Anonymous on 2020-12-20

[1160602] High CVE-2021-21120: Use after free in WebSQL.

Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha

Lab on 2020-12-21

[1161143] High CVE-2021-21121: Use after free in Omnibox.

Reported by Leecraso and Guang Gong of 360 Alpha Lab on

2020-12-22

[1162131] High CVE-2021-21122: Use after free in Blink. Reported

by Renata Hodovan on 2020-12-28

[1137247] High CVE-2021-21123: Insufficient data validation in

File System API. Reported by Maciej Pulikowski on 2020-10-11

[1131346] High CVE-2021-21124: Potential user after free in

Speech Recognizer. Reported by Chaoyang Ding(@V4kst1z) from

Codesafe Team of Legendsec at Qi'anxin Group on 2020-09-23

[1152327] High CVE-2021-21125: Insufficient policy enforcement

in File System API. Reported by Ron Masas (Imperva) on

2020-11-24

[1163228] High CVE-2020-16044: Use after free in WebRTC.

Reported by Ned Williamson of Project Zero on 2021-01-05

[1108126] Medium CVE-2021-21126: Insufficient policy enforcement

in extensions. Reported by David Erceg on 2020-07-22

[1115590] Medium CVE-2021-21127: Insufficient policy enforcement

in extensions. Reported by Jasminder Pal Singh, Web Services Point

WSP, Kotkapura on 2020-08-12

[1138877] Medium CVE-2021-21128: Heap buffer overflow in Blink.

Reported by Liang Dong on 2020-10-15

[1140403] Medium CVE-2021-21129: Insufficient policy enforcement

in File System API. Reported by Maciej Pulikowski on

2020-10-20

[1140410] Medium CVE-2021-21130: Insufficient policy enforcement

in File System API. Reported by Maciej Pulikowski on

2020-10-20

[1140417] Medium CVE-2021-21131: Insufficient policy enforcement

in File System API. Reported by Maciej Pulikowski on

2020-10-20

[1128206] Medium CVE-2021-21132: Inappropriate implementation in

DevTools. Reported by David Erceg on 2020-09-15

[1157743] Medium CVE-2021-21133: Insufficient policy enforcement

in Downloads. Reported by wester0x01

(https://twitter.com/wester0x01) on 2020-12-11

[1157800] Medium CVE-2021-21134: Incorrect security UI in Page

Info. Reported by wester0x01 (https://twitter.com/wester0x01) on

2020-12-11

[1157818] Medium CVE-2021-21135: Inappropriate implementation in

Performance API. Reported by ndevtk on 2020-12-11

[1038002] Low CVE-2021-21136: Insufficient policy enforcement in

WebView. Reported by Shiv Sahni, Movnavinothan V and Imdad

Mohammed on 2019-12-27

[1093791] Low CVE-2021-21137: Inappropriate implementation in

DevTools. Reported by bobblybear on 2020-06-11

[1122487] Low CVE-2021-21138: Use after free in DevTools.

Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec

at Qi'anxin Group on 2020-08-27

[1136327] Low CVE-2021-21140: Uninitialized Use in USB. Reported

by David Manouchehri on 2020-10-08

[1140435] Low CVE-2021-21141: Insufficient policy enforcement in

File System API. Reported by Maciej Pulikowski on 2020-10-20

Solution(s)

  • freebsd-upgrade-package-chromium

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;