vulnerability
FreeBSD: VID-4ED0E43C-5CEF-11EB-BAFD-3065EC8FD3EC (CVE-2021-21134): chromium -- multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | 01/19/2021 | 01/23/2021 | 03/08/2021 |
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-4ED0E43C-5CEF-11EB-BAFD-3065EC8FD3EC:
Chrome Releases reports:
This release contains 36 security fixes, including:
[1137179] Critical CVE-2021-21117: Insufficient policy
enforcement in Cryptohome. Reported by Rory McNamara on
2020-10-10
[1161357] High CVE-2021-21118: Insufficient data validation in
V8. Reported by Tyler Nighswander (@tylerni7) of Theori on
2020-12-23
[1160534] High CVE-2021-21119: Use after free in Media. Reported
by Anonymous on 2020-12-20
[1160602] High CVE-2021-21120: Use after free in WebSQL.
Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha
Lab on 2020-12-21
[1161143] High CVE-2021-21121: Use after free in Omnibox.
Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2020-12-22
[1162131] High CVE-2021-21122: Use after free in Blink. Reported
by Renata Hodovan on 2020-12-28
[1137247] High CVE-2021-21123: Insufficient data validation in
File System API. Reported by Maciej Pulikowski on 2020-10-11
[1131346] High CVE-2021-21124: Potential user after free in
Speech Recognizer. Reported by Chaoyang Ding(@V4kst1z) from
Codesafe Team of Legendsec at Qi'anxin Group on 2020-09-23
[1152327] High CVE-2021-21125: Insufficient policy enforcement
in File System API. Reported by Ron Masas (Imperva) on
2020-11-24
[1163228] High CVE-2020-16044: Use after free in WebRTC.
Reported by Ned Williamson of Project Zero on 2021-01-05
[1108126] Medium CVE-2021-21126: Insufficient policy enforcement
in extensions. Reported by David Erceg on 2020-07-22
[1115590] Medium CVE-2021-21127: Insufficient policy enforcement
in extensions. Reported by Jasminder Pal Singh, Web Services Point
WSP, Kotkapura on 2020-08-12
[1138877] Medium CVE-2021-21128: Heap buffer overflow in Blink.
Reported by Liang Dong on 2020-10-15
[1140403] Medium CVE-2021-21129: Insufficient policy enforcement
in File System API. Reported by Maciej Pulikowski on
2020-10-20
[1140410] Medium CVE-2021-21130: Insufficient policy enforcement
in File System API. Reported by Maciej Pulikowski on
2020-10-20
[1140417] Medium CVE-2021-21131: Insufficient policy enforcement
in File System API. Reported by Maciej Pulikowski on
2020-10-20
[1128206] Medium CVE-2021-21132: Inappropriate implementation in
DevTools. Reported by David Erceg on 2020-09-15
[1157743] Medium CVE-2021-21133: Insufficient policy enforcement
in Downloads. Reported by wester0x01
(https://twitter.com/wester0x01) on 2020-12-11
[1157800] Medium CVE-2021-21134: Incorrect security UI in Page
Info. Reported by wester0x01 (https://twitter.com/wester0x01) on
2020-12-11
[1157818] Medium CVE-2021-21135: Inappropriate implementation in
Performance API. Reported by ndevtk on 2020-12-11
[1038002] Low CVE-2021-21136: Insufficient policy enforcement in
WebView. Reported by Shiv Sahni, Movnavinothan V and Imdad
Mohammed on 2019-12-27
[1093791] Low CVE-2021-21137: Inappropriate implementation in
DevTools. Reported by bobblybear on 2020-06-11
[1122487] Low CVE-2021-21138: Use after free in DevTools.
Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec
at Qi'anxin Group on 2020-08-27
[1136327] Low CVE-2021-21140: Uninitialized Use in USB. Reported
by David Manouchehri on 2020-10-08
[1140435] Low CVE-2021-21141: Insufficient policy enforcement in
File System API. Reported by Maciej Pulikowski on 2020-10-20
Solution
References
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.