CVE-2021-4059: Improper Input Validation in Google Chrome

Severity: 6.5 MEDIUM (NVD)
EPSS: 1.6% (top 18.46%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 23; Latest update Apr 12

Description

Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages: 7 packages

CVEListV5 | google/chrome | unspecified | 96.0.4664.93
NVD | google/chrome | < 96.0.4664.93
debian | debian/chromium | < chromium 97.0.4692.71-0.1 (bookworm)
Debian | chromium/chromium | < 97.0.4692.71-0.1~deb11u1 +3

Also affects: Debian Linux 10.0, 11.0, Fedora 34

🔴 Vulnerability Details (2)

GHSA
GHSA-5g9f-524h-jx5v: Insufficient data validation in loader in Google Chrome prior to 96 (2021-12-24)
OSV
CVE-2021-4059: Insufficient data validation in loader in Google Chrome prior to 96 (2021-12-23)

📋 Vendor Advisories (5)

Microsoft
It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to in (2022-04-12)
Microsoft
Chromium: CVE-2021-4059 Insufficient data validation in loader (2021-12-14)
Chrome
Stable Channel Update for Desktop: CVE-2021-4058 (2021-12-06)
Debian
CVE-2021-4059: chromium - Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 al... (2021)
Red Hat
QEMU: Regression of CVE-2020-10756 fix in virt:rhel/qemu-kvm in Red Hat Enterprise Linux 8.3 (2020-05-27)