CVE-2021-4079

Name

CVE-2021-4079

Description

Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via crafted WebRTC packets.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
MISC	https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html
MISC	https://crbug.com/1265806
Third Party Advisory	https://www.debian.org/security/2022/dsa-5046

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:google:chrome::::::::`	chrome	>= None	< 96.0.4664.93

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
qt5-qtwebengine	edge-community	5.15.3_git20211127-r1	None	fixed
qt5-qtwebengine	3.22-community	5.15.3_git20211127-r1	None	fixed
qt5-qtwebengine	3.21-community	5.15.3_git20211127-r1	None	fixed
qt5-qtwebengine	3.20-community	5.15.3_git20211127-r1	None	fixed
qt5-qtwebengine	3.19-community	5.15.3_git20211127-r1	None	fixed
qt5-qtwebengine	3.18-community	5.15.3_git20211127-r1	None	fixed
qt5-qtwebengine	3.17-community	5.15.3_git20211127-r1	None	fixed