{"api_version":"1","generated_at":"2026-04-23T02:36:19+00:00","cve":"CVE-2021-38003","urls":{"html":"https://cve.report/CVE-2021-38003","api":"https://cve.report/api/cve/CVE-2021-38003.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-38003","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-38003"},"summary":{"title":"CVE-2021-38003","description":"Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","state":"PUBLIC","assigner":"chrome-cve-admin@google.com","published_at":"2021-11-23 22:15:00","updated_at":"2023-11-07 03:37:00"},"problem_types":["CWE-755"],"metrics":[],"references":[{"url":"https://crbug.com/1263462","name":"https://crbug.com/1263462","refsource":"MISC","tags":[],"title":"1263462 - \n \n \n chromium -\n \n \n An open-source project to help move the web forward. - \n \n Monorail","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2022/dsa-5046","name":"DSA-5046","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5046-1 chromium","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/","name":"FEDORA-2021-6a292e2cf4","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: chromium-96.0.4664.110-3.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/","name":"FEDORA-2021-6a292e2cf4","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: chromium-96.0.4664.110-3.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html","name":"https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html","refsource":"MISC","tags":[],"title":"Chrome Releases: Stable Channel Update for Desktop","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-38003","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-38003","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"38003","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"38003","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"38003","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"34","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"38003","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"google","cpe5":"chrome","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2021","cve_id":"38003","cve":"CVE-2021-38003","vendorProject":"Google","product":"Chromium V8","vulnerabilityName":"Google Chromium V8 Memory Corruption Vulnerability","dateAdded":"2021-11-03","shortDescription":"Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.","requiredAction":"Apply updates per vendor instructions.","dueDate":"2021-11-17","knownRansomwareCampaignUse":"Unknown","notes":"https://nvd.nist.gov/vuln/detail/CVE-2021-38003","cwes":"CWE-122,CWE-755","catalogVersion":"2026.04.22","updated_at":"2026-04-22 20:03:11"},"epss":{"cve_year":"2021","cve_id":"38003","cve":"CVE-2021-38003","epss":"0.682620000","percentile":"0.986100000","score_date":"2026-04-22","updated_at":"2026-04-23 00:03:17"},"legacy_qids":[{"cve":"CVE-2021-38003","qid":"179000","title":"Debian Security Update for chromium (DSA 5046-1)"},{"cve":"CVE-2021-38003","qid":"182467","title":"Debian Security Update for chromium (CVE-2021-38003)"},{"cve":"CVE-2021-38003","qid":"282220","title":"Fedora Security Update for chromium (FEDORA-2021-6a292e2cf4)"},{"cve":"CVE-2021-38003","qid":"282302","title":"Fedora Security Update for qt5 (FEDORA-2022-ecdf338eb1)"},{"cve":"CVE-2021-38003","qid":"282308","title":"Fedora Security Update for chromium (FEDORA-2021-22594d9eb0)"},{"cve":"CVE-2021-38003","qid":"282329","title":"Fedora Security Update for qt5 (FEDORA-2022-e39987b17d)"},{"cve":"CVE-2021-38003","qid":"376000","title":"Google Chrome Prior to 95.0.4638.69 Multiple Vulnerabilities"},{"cve":"CVE-2021-38003","qid":"376010","title":"Microsoft Edge Based on Chromium Prior to 95.0.1020.40 Multiple Vulnerabilities"},{"cve":"CVE-2021-38003","qid":"501916","title":"Alpine Linux Security Update for qt5-qtwebengine"},{"cve":"CVE-2021-38003","qid":"502176","title":"Alpine Linux Security Update for qt5-qtwebengine"},{"cve":"CVE-2021-38003","qid":"690221","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for chromium (976d7bf9-38ea-11ec-b3b0-3065ec8fd3ec)"},{"cve":"CVE-2021-38003","qid":"710571","title":"Gentoo Linux Chromium, Google Chrome Multiple Vulnerabilities (GLSA 202201-02)"},{"cve":"CVE-2021-38003","qid":"751335","title":"OpenSUSE Security Update for chromium (openSUSE-SU-2021:1462-1)"},{"cve":"CVE-2021-38003","qid":"751739","title":"OpenSUSE Security Update for opera (openSUSE-SU-2022:0047-1)"},{"cve":"CVE-2021-38003","qid":"751978","title":"OpenSUSE Security Update for opera (openSUSE-SU-2022:0110-1)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-38003","ASSIGNER":"chrome-cve-admin@google.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Google","product":{"product_data":[{"product_name":"Chrome","version":{"version_data":[{"version_value":"95.0.4638.69","version_affected":"<"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Inappropriate implementation"}]}]},"references":{"reference_data":[{"url":"https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html","refsource":"MISC","name":"https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"},{"url":"https://crbug.com/1263462","refsource":"MISC","name":"https://crbug.com/1263462"},{"refsource":"FEDORA","name":"FEDORA-2021-6a292e2cf4","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/"},{"refsource":"DEBIAN","name":"DSA-5046","url":"https://www.debian.org/security/2022/dsa-5046"}]},"description":{"description_data":[{"lang":"eng","value":"Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."}]}},"nvd":{"publishedDate":"2021-11-23 22:15:00","lastModifiedDate":"2023-11-07 03:37:00","problem_types":["CWE-755"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"95.0.4638.69","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"38003","Ordinal":"213606","Title":"CVE-2021-38003","CVE":"CVE-2021-38003","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"38003","Ordinal":"1","NoteData":"Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"38003","Ordinal":"2","NoteData":"2021-11-23","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"38003","Ordinal":"3","NoteData":"2022-01-15","Type":"Other","Title":"Modified"}]}}}