CVE-2021-38004 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-38004 PUBLISHED CVSS 9.300000190734863 CRITICAL

Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

EPSS 0.38% · 59.4th percentile

Risk Scores

CVSS v4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.38%

59.4th percentile

Affected Products

Vendor	Product	Versions
Google	Chrome	unspecified
google	chrome	0
debian	debian_linux	10.0, 11.0

Timeline

Nov 23, 2021 CVE Published
Nov 24, 2021 EPSS Score
Nov 24, 2021 PoC Published
Jan 6, 2022 EPSS Score
Jan 17, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 6, 2022 EPSS Score
Jun 30, 2022 EPSS Score
Aug 24, 2022 EPSS Score
Oct 18, 2022 EPSS Score
Dec 11, 2022 EPSS Score

References

https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html url
https://crbug.com/1227170 url
DSA-5046 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-38004 advisory

Open in Interactive Console →