|
200611
|
8.6 |
HIGH
Local
|
google
|
chrome
|
Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform a sandbox escape via a crafted file.
|
CWE-416
Use After Free
|
CVE-2021-21138
|
2024-11-21 14:47 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200612
|
6.5 |
MEDIUM
Network
|
google
microsoft
|
chrome
edge_chromium
|
Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.
|
CWE-74
Injection
|
CVE-2021-21137
|
2024-11-21 14:47 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200613
|
6.5 |
MEDIUM
Network
|
google
microsoft
|
chrome
edge_chromium
|
Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
|
CWE-346
Origin Validation Error
|
CVE-2021-21136
|
2024-11-21 14:47 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200614
|
6.5 |
MEDIUM
Network
|
google
microsoft
|
chrome
edge_chromium
|
Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
|
CWE-346
Origin Validation Error
|
CVE-2021-21135
|
2024-11-21 14:47 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200615
|
6.5 |
MEDIUM
Network
|
google
microsoft
|
chrome
edge_chromium
|
Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page.
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2021-21134
|
2024-11-21 14:47 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200616
|
6.5 |
MEDIUM
Network
|
google
microsoft
|
chrome
edge_chromium
|
Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML pag…
|
NVD-CWE-Other
|
CVE-2021-21133
|
2024-11-21 14:47 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200617
|
9.6 |
CRITICAL
Network
|
google
microsoft
|
chrome
edge_chromium
|
Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2021-21132
|
2024-11-21 14:47 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200618
|
6.5 |
MEDIUM
Network
|
google
microsoft
|
chrome
edge_chromium
|
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
|
CWE-59
CWE-434
Link Following
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-21131
|
2024-11-21 14:47 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200619
|
6.5 |
MEDIUM
Network
|
google
microsoft
|
chrome
edge_chromium
|
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
|
NVD-CWE-Other
|
CVE-2021-21130
|
2024-11-21 14:47 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200620
|
6.5 |
MEDIUM
Network
|
google
microsoft
|
chrome
edge_chromium
|
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
|
NVD-CWE-Other
|
CVE-2021-21129
|
2024-11-21 14:47 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
