製品・ソフトウェアに関する情報

JVN脆弱性詳細

Linux 上で稼動する Google Chrome における境界外書き込みに関する脆弱性

Title	Linux 上で稼動する Google Chrome における境界外書き込みに関する脆弱性
Summary	Linux 上で稼動する Google Chrome には、境界外書き込みに関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Feb. 16, 2021, midnight
Registration Date	Nov. 11, 2021, 6:08 p.m.
Last Update	Nov. 11, 2021, 6:08 p.m.

Affected System

Fedora Project

Fedora

Google

Google Chrome 88.0.4324.182 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2021-21153	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21153
National Vulnerability Database (NVD)
2	CVE-2021-21153	https://nvd.nist.gov/vuln/detail/CVE-2021-21153

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-787	https://cwe.mitre.org/data/definitions/787.html

ベンダー情報

No	Name	URL
Chrome Releases
1	Stable Channel Update for Desktop	https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html
Chromium
2	Issue 1155974	https://bugs.chromium.org/p/chromium/issues/detail?id=1155974
Fedora Update Notification
3	FEDORA-2021-aa764a8531	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BI6ZIJQYP5DFMYVX4J5OGOU2NQLEZ3SB/
4	FEDORA-2021-c88a96bd4b	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FE5SIKEVYTMDCC5OSXGOM2KRPYLHYMQX/

Change Log

No	Changed Details	Date of change
1	[2021年11月11日] 掲載	Nov. 11, 2021, 6:08 p.m.

NVD Vulnerability Information

CVE-2021-21153

Summary	Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Publication Date	Feb. 23, 2021, 7:15 a.m.
Registration Date	Feb. 23, 2021, 10:01 a.m.
Last Update	Nov. 21, 2024, 2:47 p.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html	Release Notes Vendor Advisory
2	https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html	Release Notes Vendor Advisory
3	https://crbug.com/1155974	Exploit Issue Tracking Patch Permissions Required Vendor Advisory
4	https://crbug.com/1155974	Exploit Issue Tracking Patch Permissions Required Vendor Advisory
5	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BI6ZIJQYP5DFMYVX4J5OGOU2NQLEZ3SB/
6	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BI6ZIJQYP5DFMYVX4J5OGOU2NQLEZ3SB/
7	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FE5SIKEVYTMDCC5OSXGOM2KRPYLHYMQX/
8	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FE5SIKEVYTMDCC5OSXGOM2KRPYLHYMQX/
9	https://security.gentoo.org/glsa/202104-08	Third Party Advisory
10	https://security.gentoo.org/glsa/202104-08	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-787	境界外書き込み	https://cwe.mitre.org/data/definitions/787.html