cbcvebase.
CVE-2021-21148
published 2021-02-09

CVE-2021-21148: Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

PriorityP184high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2021-11-17
Exploited in the wild
EPSS
19.81%
97.1th percentile
Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Affected

12 ranges
VendorProductVersion rangeFixed in
chromiumchromium>= 0 < 88.0.4324.150-188.0.4324.150-1
chromiumchromium>= 0 < 88.0.4324.150-188.0.4324.150-1
chromiumchromium>= 0 < 88.0.4324.150-188.0.4324.150-1
chromiumchromium>= 0 < 88.0.4324.150-188.0.4324.150-1
debianchromium< chromium 88.0.4324.150-1 (bookworm)chromium 88.0.4324.150-1 (bookworm)
debiandebian_linux
fedoraprojectfedora
fedoraprojectfedora
googlechrome< 88.0.4324.15088.0.4324.150
googlechrome>= unspecified < 88.0.4324.15088.0.4324.150
googlechrome_chrome
msrcmicrosoft_edge

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2021-21148 is a heap buffer overflow in the V8 JavaScript engine, exploited via a crafted HTML page delivered remotely; detection should focus on Chrome/Edge versions prior to 88.0.4324.150 (Chrome) or 88.0.705.63 (Edge) processing attacker-controlled web content
  • Google confirmed an in-the-wild exploit exists for CVE-2021-21148; treat any Chrome/Edge instance below the patched version as actively at risk
  • The bug was reported on 2021-01-24 and patched 2021-02-04; any exploitation activity observed between those dates should be treated as zero-day usage
  • Exploitation has been attributed to the North Korean Lazarus group; correlate CVE-2021-21148 exploitation indicators with Lazarus TTPs in threat hunting

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv8.8HIGH
vulncheck8.8HIGH
cisa8.8HIGH
vendor_debian8.8HIGH
vendor_msrc8.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.