Attacker Value
Moderate
CVE-2021-30554
CVE-2021-30554
(Last updated November 08, 2023) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Description
Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Add Assessment
1
Technical Analysis
Apparently this is a UAF vulnerability in the WebGL component of Chrome that has been exploited in the wild according to https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html. No further details at the moment other than that its triggered via JavaScript, which makes sense given this is a UAF vulnerability. As per usual, disable JavaScript where possible using plugins like NoScript if you want to mitigate the risk of this vulnerability somewhat, however its highly recommended to just update your Chrome and Edge browsers to the latest version available.
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
8.8 High
Impact Score:
5.9
Exploitability Score:
2.8
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High
General Information
Vendors
- fedoraproject,
Products
- chrome,
- fedora 33,
- fedora 34
Exploited in the Wild
References
Advisory
