Attacker Value
Moderate
(1 user assessed)
Exploitability
Low
(1 user assessed)
User Interaction
Required
Privileges Required
None
Attack Vector
Network
1

CVE-2021-30554

Disclosure Date: July 02, 2021
Exploited in the Wild
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Add Assessment

1
Ratings
Technical Analysis

Apparently this is a UAF vulnerability in the WebGL component of Chrome that has been exploited in the wild according to https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html. No further details at the moment other than that its triggered via JavaScript, which makes sense given this is a UAF vulnerability. As per usual, disable JavaScript where possible using plugins like NoScript if you want to mitigate the risk of this vulnerability somewhat, however its highly recommended to just update your Chrome and Edge browsers to the latest version available.

CVSS V3 Severity and Metrics
Base Score:
8.8 High
Impact Score:
5.9
Exploitability Score:
2.8
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Vendors

  • fedoraproject,
  • google

Products

  • chrome,
  • fedora 33,
  • fedora 34

Exploited in the Wild

Reported by:
Technical Analysis