CVE-2021-21152: Heap buffer overflow in Media

Reference Links

• https://security-tracker.debian.org/tracker/CVE-2021-21152
• https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html (Advisory)
• https://crbug.com/1166504
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BI6ZIJQYP5DFMYVX4J5OGOU2NQLEZ3SB/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FE5SIKEVYTMDCC5OSXGOM2KRPYLHYMQX/
• https://security.gentoo.org/glsa/202104-08
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BI6ZIJQYP5DFMYVX4J5OGOU2NQLEZ3SB/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FE5SIKEVYTMDCC5OSXGOM2KRPYLHYMQX/

Parent vulnerabilities

(Appears in the following advisories)

• 3736590772439839598

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2021-21149
• CVE-2021-21150
• CVE-2021-21151
• CVE-2021-21153
• CVE-2021-21154
• CVE-2021-21155
• CVE-2021-21156
• CVE-2021-21157

Frequently Asked Questions

• What is the severity of CVE-2021-21152?

  CVE-2021-21152 has a high severity rating due to its potential for remote exploitation through heap corruption.

• How do I fix CVE-2021-21152?

  To mitigate CVE-2021-21152, update Google Chrome to version 88.0.4324.182 or later.

• What products are affected by CVE-2021-21152?

  CVE-2021-21152 affects Google Chrome versions prior to 88.0.4324.182 and Chromium on Debian systems.

• Can I still use my system if I have CVE-2021-21152?

  While you can continue to use your system, it is highly recommended to update to avoid potential security risks associated with CVE-2021-21152.

• What is the nature of the vulnerability CVE-2021-21152?

  CVE-2021-21152 is a heap buffer overflow vulnerability that allows remote attackers to exploit heap corruption via a crafted HTML page.