CVE-2021-37980

Advisory lineage Upstream: 0 Downstream: 10
Modified
Published: 02 Nov 2021, 20:25
Last modified:04 Aug 2024, 01:30

Vulnerability Summary

Overall Risk (default)
medium
30/100
CVSS Score
7.4 HIGH
v3.1 (nvd)
EPSS Score
0.31% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

02 Nov 2021, 20:25
Published
Vulnerability first disclosed
04 Aug 2024, 01:30
Last Modified
Vulnerability information updated

Description

Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows.

CVSS Metrics

  • v3.1HIGHScore: 7.4CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
  • v2.0MEDIUMScore: 4.3AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.31% Percentile: 55%

Affected Systems

  • debiandebian_linux

    10.0 | 11.0

  • fedoraprojectfedora

    33

  • UnknownChrome

    < 94.0.4606.81 | ≥ unspecified, < 94.0.4606.81

References (4)