CVE-2021-37976

Advisory lineage Upstream: 0 Downstream: 11

Downstream

DEBIAN-CVE-2021-37976 DSA-5046-1 OPENSUSE-SU-2021:1339-1 OPENSUSE-SU-2021:1350-1 OPENSUSE-SU-2021:1358-1 OPENSUSE-SU-2021:1433-1

Analyzed

Published: 08 Oct 2021, 21:50

Last modified:21 Oct 2025, 23:25

Vulnerability Summary

Overall Risk (default)

medium

39/100

CVSS Score

6.5 MEDIUM

v3.1 (cve.org)

EPSS Score

14.36% MEDIUM

14% probability +6.02%

KEV

Listed

CISA

1 listing

Ransomware

No reports

Public exploits

1 found

Dark Web

Not detected

Timeline

08 Oct 2021, 21:50

Published

Vulnerability first disclosed

03 Nov 2021, 00:00

Added to CISA KEV

Google Chromium Information Disclosure Vulnerability

17 Nov 2021, 00:00

CISA Remediation Due

Apply updates per vendor instructions.

21 Oct 2025, 23:25

Last Modified

Vulnerability information updated

Description

Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

CVSS Metrics

v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 14.36%• Percentile: 94%

Techniques & Countermeasures

CWE-862•Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Affected Systems

debian•debian_linux
10.0 | 11.0
fedoraproject•fedora
33 | 34 | 35
Unknown•Chrome
< 94.0.4606.71 | ≥ unspecified, < 94.0.4606.71