PT-2021-4902 · Google+4 · Google Chrome+4

Ashish Arun Dhone

·

Published

2021-09-21

·

Updated

2024-06-15

·

CVE-2021-37999

CVSS v2.0

6.4

Medium

VectorAV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 95.0.4638.69 Microsoft Edge (affected versions not specified)
Description The issue is related to insufficient data validation in the New Tab Page component of the browsers. This can be exploited by a remote attacker using a specially crafted web page, potentially allowing the execution of arbitrary code. The attacker can inject arbitrary scripts or HTML in a new browser tab.
Recommendations For Google Chrome versions prior to 95.0.4638.69, update to version 95.0.4638.69 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-20

Related Identifiers

ALT-PU-2021-3218
ALT-PU-2021-3329
ALT-PU-2021-3408
ALT-PU-2021-3431
ALT-PU-2021-3436
ALT-PU-2021-3583
ALT-PU-2021-3603
BDU:2021-05637
CVE-2021-37999
DSA-5046-1
OPENSUSE-SU-2021:1462-1
OPENSUSE-SU-2021_1462-1
OPENSUSE-SU-2022:0047-1
OPENSUSE-SU-2022:0110-1
OPENSUSE-SU-2022_0047-1
OPENSUSE-SU-2022_0110-1
OPENSUSE-SU-2024:11604-1
OPENSUSE-SU-2024:12948-1

Affected Products

Alt Linux
Astra Linux
Google Chrome
Edge
Suse