CVE-2021-37958
Advisory lineage: Upstream: 0, Downstream: 7
Modified
Published: 08 Oct 2021, 21:30
Last modified: 04 Aug 2024, 01:30
Vulnerability Summary
- Overall Risk (default): low, 23/100
- CVSS Score: 5.8 MEDIUM, v2.0 (nvd)
- EPSS Score: 0.2% LOW
- KEV: Not listed
- Ransomware: No reports
- Public exploits: None found
- Dark Web: Not detected
Timeline
- 08 Oct 2021, 21:30: Published (vulnerability first disclosed)
- 04 Aug 2024, 01:30: Last Modified (vulnerability information updated)
Description
Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page.
CVSS Metrics
- v3.1 • MEDIUM • Score: 5.4 • CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
- v2.0 • MEDIUM • Score: 5.8 • AV:N/AC:M/Au:N/C:P/I:P/A:N
EPSS Trends
Current EPSS score: 0.20% • Percentile: 42%
Affected Systems
- debian • debian_linux: 10.0 | 11.0
- fedoraproject • fedora: 33 | 35
- Unknown • Chrome: < 94.0.4606.54 | ≥ unspecified, < 94.0.4606.54
References (5)
- https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html
- https://crbug.com/1223290
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/
- https://www.debian.org/security/2022/dsa-5046