CVE-2021-38004 — Vulnetix

CVE-2021-38004 PUBLISHED CVSS 9.300000190734863 CRITICAL

Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

EPSS 0.38% · 59.9th percentile

Risk Scores

CVSS 4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.38%

59.9th percentile

Affected Products

Vendor	Product	Versions
Google	Chrome	unspecified
google	chrome	0
debian	debian_linux	10.0, 11.0

Exploit Intelligence

CIRCL seen: CVE-2021-38004 (circl-sighting)
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html (circl)
https://crbug.com/1227170 (circl)
DSA-5046 (circl)

Timeline

Nov 23, 2021 CVE Published
Nov 24, 2021 EPSS Score
Nov 24, 2021 PoC Published
Jan 6, 2022 EPSS Score
Jan 18, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 8, 2022 EPSS Score
Jul 2, 2022 EPSS Score
Aug 27, 2022 EPSS Score
Oct 21, 2022 EPSS Score
Dec 15, 2022 EPSS Score

References

https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html url
https://crbug.com/1227170 url
DSA-5046 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-38004 advisory

Open in Interactive Console →