Zero-day Vulnerability Database
Zero-day vulnerabilities discovered: 20
Multiple vulnerabilities in Google Chrome
CVE-2021-4102
Use-after-free
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the V8 engine. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html
Privilege escalation in Google Android
CVE-2021-1048
Use-after-free
The vulnerability allows a malicious application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the Android kernel component within the epoll_loop_check_proc() function. A malicious application can trigger a use-after-free error and execute arbitrary code with kernel privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Android
Links:
https://source.android.com/security/bulletin/2021-11-01#2021-11-06-security-patch-level-vulnerability-details
Multiple vulnerabilities in Google Chrome
CVE-2021-38003
Improperly implemented security check for standard
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect implementation in the V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
Multiple vulnerabilities in Google Chrome
CVE-2021-38000
Exposed dangerous method or function
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insecure implementation in V8 engine in Google Chrome. A remote attacker can create a specially crafted website, trick the victim into visiting it and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
Multiple vulnerabilities in Google Chrome
CVE-2021-37976
Information disclosure
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in core in Google Chrome. A remote attacker can trick the victim to open a specially crafted web page and gain access to sensitive information.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html
Multiple vulnerabilities in Google Chrome
CVE-2021-37975
Use-after-free
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the V8 browser engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html
Remote code execution in Google Chrome
CVE-2021-37973
Use-after-free
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content within the Portals component in Google Chrome. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html
Multiple vulnerabilities in Google Chrome
CVE-2021-30633
Use-after-free
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Indexed DB API component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Note, the vulnerability is being actively exploited in-the-wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html
Multiple vulnerabilities in Google Chrome
CVE-2021-30632
Out-of-bounds write
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in V8. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger out-of-bounds write and execute arbitrary code on the target system.
Note, the vulnerability is being actively exploited in-the-wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html
Multiple vulnerabilities in Google Chrome
CVE-2021-30563
Type Confusion
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html
Multiple vulnerabilities in Google Chrome
CVE-2021-30554
Use-after-free
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the WebGL component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html
Multiple vulnerabilities in Google Chrome
CVE-2021-30551
Type Confusion
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Multiple vulnerabilities in Google Android
CVE-2021-1906
Detection of Error Condition Without Action
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the Graphics component. A local user can trigger a new GPU address allocation failure and perform a denial of service attack.
Note, the vulnerability is being used in limited targeted attacks.
Software: Google Android
Links:
https://source.android.com/security/bulletin/2021-05-01
Multiple vulnerabilities in Google Android
CVE-2021-1905
Use-after-free
The vulnerability allows a local user to escalate privileges on the system
The vulnerability exists due to a use-after-free error in Graphics component when handling memory mapping of multiple processes simultaneously. A local user can escalate privileges on the system.
Note, the vulnerability is being used in limited targeted attacks.
Software: Google Android
Links:
https://source.android.com/security/bulletin/2021-05-01
Multiple vulnerabilities in Google Android
CVE-2021-28664
Buffer overflow
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Arm Mali GPU kernel driver. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r8p0 through r30p0. A local application can trigger memory corruption and execute arbitrary code on the system with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Android
Links:
https://source.android.com/security/bulletin/2021-05-01
Multiple vulnerabilities in Google Android
CVE-2021-28663
Use-after-free
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the Arm Mali GPU kernel driver. This affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0. A local application can trigger a use-after-free error and execute arbitrary code on the system with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Android
Links:
https://source.android.com/security/bulletin/2021-05-01
Multiple vulnerabilities in Google Chrome
CVE-2021-21224
Type Confusion
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 browser engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html
Multiple vulnerabilities in Google Chrome
CVE-2021-21193
Use-after-free
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Blink component in Google Chrome. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Note, this vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
Multiple vulnerabilities in Google Chrome
CVE-2021-21166
Improper control of a resource through its lifetime
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper control of object lifetime in audio in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
Remote code execution in Google Chrome
CVE-2021-21148
Heap-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html