CVE-2021-21156: Heap buffer overflow in V8

Reference Links

• https://security-tracker.debian.org/tracker/CVE-2021-21156
• http://packetstormsecurity.com/files/162579/Chrome-Array-Transfer-Bypass.html
• https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html (Advisory)
• https://crbug.com/1177341
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BI6ZIJQYP5DFMYVX4J5OGOU2NQLEZ3SB/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FE5SIKEVYTMDCC5OSXGOM2KRPYLHYMQX/
• https://security.gentoo.org/glsa/202104-08
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BI6ZIJQYP5DFMYVX4J5OGOU2NQLEZ3SB/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FE5SIKEVYTMDCC5OSXGOM2KRPYLHYMQX/

Parent vulnerabilities

(Appears in the following advisories)

• 3736590772439839598

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2021-21149
• CVE-2021-21150
• CVE-2021-21151
• CVE-2021-21152
• CVE-2021-21153
• CVE-2021-21154
• CVE-2021-21155
• CVE-2021-21157

Frequently Asked Questions

• What is the severity of CVE-2021-21156?

  CVE-2021-21156 has been classified as a high severity vulnerability due to its potential for heap corruption exploitation.

• How do I fix CVE-2021-21156?

  To fix CVE-2021-21156, users should update Google Chrome to version 88.0.4324.182 or later.

• Which versions of Chrome are affected by CVE-2021-21156?

  CVE-2021-21156 affects Google Chrome versions prior to 88.0.4324.182.

• What type of vulnerability is CVE-2021-21156?

  CVE-2021-21156 is a heap buffer overflow vulnerability in the V8 engine of Google Chrome.

• Can CVE-2021-21156 be exploited remotely?

  Yes, CVE-2021-21156 can be exploited remotely by a malicious actor through a crafted script.