PT-2021-1538 · Google+3 · Google Chrome+3

Man Yue Mo

·

Published

2021-01-06

·

Updated

2024-06-15

·

CVE-2021-21114

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 87.0.4280.141
Description The issue is related to a use after free in the audio component, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could impact the confidentiality, integrity, and availability of protected information.
Recommendations For versions prior to 87.0.4280.141, update to version 87.0.4280.141 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted HTML pages that could exploit the heap corruption vulnerability.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2021-1010
ALT-PU-2021-1049
ALT-PU-2021-1157
ALT-PU-2021-1210
ALT-PU-2021-1379
BDU:2021-00115
CVE-2021-21114
DSA-4832-1
OPENSUSE-SU-2021:0040-1
OPENSUSE-SU-2021:0041-1
OPENSUSE-SU-2021:0047-1
OPENSUSE-SU-2021:0048-1
OPENSUSE-SU-2021:0138-1
OPENSUSE-SU-2021:0139-1
OPENSUSE-SU-2021_0040-1
OPENSUSE-SU-2021_0041-1
OPENSUSE-SU-2021_0138-1
OPENSUSE-SU-2021_0139-1
OPENSUSE-SU-2024:10681-1
OPENSUSE-SU-2024:12948-1

Affected Products

Alt Linux
Astra Linux
Google Chrome
Suse