Search for vulnerabilities
Vulnerability details: VCID-d1d3-4aqw-yyfk
Vulnerability ID VCID-d1d3-4aqw-yyfk
Aliases CVE-2021-38000
Summary Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
System Score Found at
epss 0.03083 https://api.first.org/data/v1/epss?cve=CVE-2021-38000
epss 0.03083 https://api.first.org/data/v1/epss?cve=CVE-2021-38000
epss 0.03083 https://api.first.org/data/v1/epss?cve=CVE-2021-38000
epss 0.03083 https://api.first.org/data/v1/epss?cve=CVE-2021-38000
epss 0.03083 https://api.first.org/data/v1/epss?cve=CVE-2021-38000
epss 0.03083 https://api.first.org/data/v1/epss?cve=CVE-2021-38000
epss 0.03083 https://api.first.org/data/v1/epss?cve=CVE-2021-38000
epss 0.03375 https://api.first.org/data/v1/epss?cve=CVE-2021-38000
epss 0.03375 https://api.first.org/data/v1/epss?cve=CVE-2021-38000
epss 0.03375 https://api.first.org/data/v1/epss?cve=CVE-2021-38000
epss 0.03375 https://api.first.org/data/v1/epss?cve=CVE-2021-38000
epss 0.03375 https://api.first.org/data/v1/epss?cve=CVE-2021-38000
epss 0.03375 https://api.first.org/data/v1/epss?cve=CVE-2021-38000
epss 0.03375 https://api.first.org/data/v1/epss?cve=CVE-2021-38000
epss 0.03375 https://api.first.org/data/v1/epss?cve=CVE-2021-38000
epss 0.03375 https://api.first.org/data/v1/epss?cve=CVE-2021-38000
epss 0.03432 https://api.first.org/data/v1/epss?cve=CVE-2021-38000
epss 0.03432 https://api.first.org/data/v1/epss?cve=CVE-2021-38000
epss 0.03432 https://api.first.org/data/v1/epss?cve=CVE-2021-38000
epss 0.03432 https://api.first.org/data/v1/epss?cve=CVE-2021-38000
epss 0.03432 https://api.first.org/data/v1/epss?cve=CVE-2021-38000
epss 0.03432 https://api.first.org/data/v1/epss?cve=CVE-2021-38000
epss 0.03432 https://api.first.org/data/v1/epss?cve=CVE-2021-38000
epss 0.03432 https://api.first.org/data/v1/epss?cve=CVE-2021-38000
cvssv3.1 6.1 https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
ssvc Track https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
cvssv3.1 6.1 https://crbug.com/1249962
ssvc Track https://crbug.com/1249962
cvssv3.1 6.1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/
cvssv2 5.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38000
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-38000
archlinux High https://security.archlinux.org/AVG-2475
archlinux High https://security.archlinux.org/AVG-2504
cvssv3.1 6.1 https://www.debian.org/security/2022/dsa-5046
ssvc Track https://www.debian.org/security/2022/dsa-5046
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2021-38000
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30558
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37957
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37958
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37959
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37961
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37962
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37963
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37964
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37965
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37968
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37969
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37970
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37972
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37974
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37976
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37977
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37978
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37979
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37980
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37981
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37982
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37983
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37984
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37985
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37987
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37989
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37990
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37991
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37992
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37994
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37996
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37997
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37998
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37999
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38000
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38001
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38003
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38004
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38005
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38006
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38007
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38008
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38009
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38012
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38013
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38014
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38016
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4052
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4053
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4055
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4056
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4057
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4058
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4059
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4061
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4062
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4063
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4064
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4065
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4066
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4068
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4079
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4100
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4101
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4102
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4316
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4317
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4318
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4319
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4320
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4321
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4322
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0096
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0097
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0100
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0101
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0102
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0103
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0104
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0106
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0107
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0109
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0110
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0114
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0116
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0117
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0118
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0120
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4924
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4925
1249962 https://crbug.com/1249962
3W46HRT2UVHWSLZB6JZHQF6JNQWKV744 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/
ASA-202110-7 https://security.archlinux.org/ASA-202110-7
ASA-202112-1 https://security.archlinux.org/ASA-202112-1
AVG-2475 https://security.archlinux.org/AVG-2475
AVG-2504 https://security.archlinux.org/AVG-2504
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
CVE-2021-38000 https://nvd.nist.gov/vuln/detail/CVE-2021-38000
dsa-5046 https://www.debian.org/security/2022/dsa-5046
stable-channel-update-for-desktop_28.html https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
Data source KEV
Date added Nov. 3, 2021
Description Google Chromium Intents contains an improper input validation vulnerability that allows a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required action Apply updates per vendor instructions.
Due date Nov. 17, 2021
Note 
https://nvd.nist.gov/vuln/detail/CVE-2021-38000
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-15T19:42:47Z/ Found at https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://crbug.com/1249962
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-15T19:42:47Z/ Found at https://crbug.com/1249962
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-15T19:42:47Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-38000
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-38000
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://www.debian.org/security/2022/dsa-5046
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-15T19:42:47Z/ Found at https://www.debian.org/security/2022/dsa-5046
Exploit Prediction Scoring System (EPSS)
Percentile 0.86262
EPSS Score 0.03083
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:46:00.171415+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2021/38xxx/CVE-2021-38000.json 37.0.0