CVE-2021-37973 (CNNVD-202109-1693)
中文标题:
Google Chrome 资源管理错误漏洞
英文标题:
Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had c...
漏洞描述
中文描述:
Google Chrome是美国谷歌(Google)公司的一款Web浏览器。 Google Chrome 存在资源管理错误漏洞,该漏洞源于在 Google Chrome 中的 Portals 组件中处理 HTML 内容时出现释放后使用错误。远程攻击者可以创建一个特制的网站,诱使受害者访问它,触发释放后使用错误并在系统上执行任意代码。以下产品及版本收到影响:Google Chrome: 7.0.517.41, 7.0.517.44, 70.0.3538.67, 70.0.3538.77, 70.0.3538.102, 70.0.3538.110, 71.0.3578.80, 71.0.3578.98, 72.0.3626.81, 72.0.3626.96, 72.0.3626.109, 72.0.3626.119, 72.0.3626.121, 73.0.3683.75, 73.0.3683.86, 73.0.3683.103, 74.0.3729.108, 74.0.3729.131, 74.0.3729.157, 74.0.3729.169, 75.0.3770.80, 75.0.3770.90, 75.0.3770.100, 75.0.3770.142, 76.0.3809.87, 76.0.3809.100, 76.0.3809.132, 77.0.3865.75, 77.0.3865.90, 77.0.3865.120, 78.0.3904.70, 78.0.3904.87, 78.0.3904.97, 78.0.3904.108, 79.0.3945.79, 79.0.3945.88, 79.0.3945.117, 79.0.3945.130, 80.0.3987.87, 80.0.3987.100, 80.0.3987.106, 80.0.3987.116, 80.0.3987.122, 80.0.3987.132, 80.0.3987.149, 80.0.3987.162, 80.0.3987.163, 81.0.4044.92, 81.0.4044.113, 81.0.4044.122, 81.0.4044.129, 81.0.4044.138, 83.0.4103.61, 83.0.4103.97, 83.0.4103.106, 83.0.4103.116, 84.0.4147.89, 84.0.4147.105, 84.0.4147.125, 84.0.4147.135, 85.0.4183.83, 85.0.4183.102, 85.0.4183.121, 86.0.4240.75, 86.0.4240.111, 86.0.4240.183, 86.0.4240.193, 86.0.4240.198, 87.0.4280.66, 87.0.4280.88, 87.0.4280.141, 88.0.4324.96, 88.0.4324.104, 88.0.4324.146, 88.0.4324.150, 88.0.4324.182, 88.0.4324.190, 89.0.4389.72, 89.0.4389.82, 89.0.4389.90, 89.0.4389.114, 89.0.4389.128, 90.0.4430.72, 90.0.4430.85, 90.0.4430.93, 90.0.4430.212, 91.0.4472.77, 91.0.4472.101, 91.0.4472.106, 91.0.4472.114, 91.0.4472.124, 91.0.4472.164, 92.0.4515.107, 92.0.4515.131, 92.0.4515.159, 93.0.4577.63, 93.0.4577.82。
英文描述:
Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Chrome | - | < 94.0.4606.61 | - |
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
|
|
| chrome | * | - | - |
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
|
|
| fedoraproject | fedora | 33 | - | - |
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
|
| fedoraproject | fedora | 35 | - | - |
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
|
| debian | debian_linux | 10.0 | - | - |
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
|
| debian | debian_linux | 11.0 | - | - |
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
3.1 (adp)
CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2021-37973 |
2025-11-11 15:21:02 | 2025-11-11 07:36:58 |
| NVD | nvd_CVE-2021-37973 |
2025-11-11 14:57:43 | 2025-11-11 07:45:17 |
| CNNVD | cnnvd_CNNVD-202109-1693 |
2025-11-11 15:10:43 | 2025-11-11 07:56:54 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 资源管理错误
- cnnvd_id: 未提取 -> CNNVD-202109-1693
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 1 -> 6
- references_count: 5 -> 6
- data_sources: ['cve'] -> ['cve', 'nvd']