CVE-2021-30535
published 2021-06-07CVE-2021-30535: Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
PriorityP343high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EPSS
1.13%
62.3th percentile
Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 93.0.4577.82-1 | 93.0.4577.82-1 |
| chromium | chromium | >= 0 < 93.0.4577.82-1 | 93.0.4577.82-1 |
| chromium | chromium | >= 0 < 93.0.4577.82-1 | 93.0.4577.82-1 |
| chromium | chromium | >= 0 < 93.0.4577.82-1 | 93.0.4577.82-1 |
| debian | chromium | < chromium 93.0.4577.82-1 (bookworm) | chromium 93.0.4577.82-1 (bookworm) |
| debian | icu | < chromium 93.0.4577.82-1 (bookworm) | chromium 93.0.4577.82-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| chrome | < 91.0.4472.77 | 91.0.4472.77 | |
| chrome | >= unspecified < 91.0.4472.77 | 91.0.4472.77 | |
| chrome_chrome | — | — | |
| msrc | microsoft_edge | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv8.8HIGH
vendor_debian8.8HIGH
vendor_msrc8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
ICU vulnerability
vendor_ubuntu·2021-11-24
CVE-2021-30535 ICU vulnerability
Title: ICU vulnerability
Summary: ICU could be made to crash if it received specially crafted
input.
It was discovered that ICU contains a double free issue.
An attacker could use this issue to cause a denial of service or possibly execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Chrome
Stable Channel Update for Desktop: CVE-2021-30535
vendor_chrome·2021-05-25·CVSS 8.8
CVE-2021-30535 [MEDIUM] Stable Channel Update for Desktop: CVE-2021-30535
Stable Channel Update for Desktop
CVE-2021-30535: Double free in ICU. Reported by nocma, leogan, cheneyxu of WeChat Open Platform Security Team on 2021-04-01 [$TBD][ 1184954 ] Medium CVE-2021-30542: Use after free in Tab Strip
Reported by Khalil Zhani on 2021-03-05 [$TBD][ 1203607 ] Medium CVE-2021-30543: Use after free in Tab Strip
Severity: medium
Microsoft
Chromium: CVE-2021-30535 Double free in ICU
vendor_msrc·2021-05-11·CVSS 8.8
CVE-2021-30535 [HIGH] Chromium: CVE-2021-30535 Double free in ICU
Chromium: CVE-2021-30535 Double free in ICU
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information
FAQ: What is the version information for this release?
Microsoft Edge Version
Date Released
Based on Chromium Version
91.0.864.37
5/27/2021
91.0.4472.77
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In your Microso
Debian
CVE-2021-30535: chromium - Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attac...
vendor_debian·2021·CVSS 8.8
CVE-2021-30535 [HIGH] CVE-2021-30535: chromium - Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attac...
Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1)
bullseye: resolved (fixed in 93.0.4577.82-1)
forky: resolved (fixed in 93.0.4577.82-1)
sid: resolved (fixed in 93.0.4577.82-1)
trixie: resolved (fixed in 93.0.4577.82-1)
GHSA
GHSA-hcg3-p22c-cw6r: Double free in ICU in Google Chrome prior to 91
ghsa_unreviewed·2022-05-24
CVE-2021-30535 [HIGH] CWE-415 GHSA-hcg3-p22c-cw6r: Double free in ICU in Google Chrome prior to 91
Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
OSV
CVE-2021-30535: Double free in ICU in Google Chrome prior to 91
osv·2021-06-07·CVSS 8.8
CVE-2021-30535 [HIGH] CVE-2021-30535: Double free in ICU in Google Chrome prior to 91
Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.htmlhttps://crbug.com/1194899https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54/https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.htmlhttps://crbug.com/1194899https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54/
2021-06-07
Published