CVE-2021-30547
published 2021-06-15
CVE-2021-30547: Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted…
Priority P3 50 · high · 8.8 CVSS 3.1
AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 3.58% (88.0th percentile)
Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 93.0.4577.82-1 | 93.0.4577.82-1 |
| chromium | chromium | >= 0 < 93.0.4577.82-1 | 93.0.4577.82-1 |
| chromium | chromium | >= 0 < 93.0.4577.82-1 | 93.0.4577.82-1 |
| chromium | chromium | >= 0 < 93.0.4577.82-1 | 93.0.4577.82-1 |
| debian | chromium | < chromium 93.0.4577.82-1 (bookworm) | chromium 93.0.4577.82-1 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | firefox | < chromium 93.0.4577.82-1 (bookworm) | chromium 93.0.4577.82-1 (bookworm) |
| debian | firefox-esr | < chromium 93.0.4577.82-1 (bookworm) | chromium 93.0.4577.82-1 (bookworm) |
| debian | thunderbird | < chromium 93.0.4577.82-1 (bookworm) | chromium 93.0.4577.82-1 (bookworm) |
| fedoraproject | fedora | — | — |
| — | chrome | < 91.0.4472.101 | 91.0.4472.101 |
| — | chrome | >= unspecified < 91.0.4472.101 | 91.0.4472.101 |
| — | chrome_chrome | — | — |
| mozilla | firefox | < 97.0 | 97.0 |
| mozilla | firefox | — | — |
| mozilla | thunderbird | >= 0 < 1:78.12.0-1 | 1:78.12.0-1 |
| mozilla | thunderbird | >= 0 < 1:78.12.0-1 | 1:78.12.0-1 |
| mozilla | thunderbird | >= 0 < 1:78.12.0-1 | 1:78.12.0-1 |
| mozilla | thunderbird | >= 0 < 1:78.12.0-1 | 1:78.12.0-1 |
| mozilla | thunderbird | >= 0 < 1:78.13.0+build1-0ubuntu0.18.04.1 | 1:78.13.0+build1-0ubuntu0.18.04.1 |
| mozilla | thunderbird | >= 0 < 1:78.13.0+build1-0ubuntu0.20.04.2 | 1:78.13.0+build1-0ubuntu0.20.04.2 |
| msrc | microsoft_edge | — | — |
CVSS provenance
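| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 8.8 | HIGH | — |
| vendor_debian | — | 8.8 | HIGH | — |
| vendor_msrc | — | 8.8 | HIGH | — |
| vendor_redhat | — | 8.8 | HIGH | — |
| vendor_ubuntu | — | 5.9 | MEDIUM | — |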
GHSA
GHSA-h3c6-pc9c-gf82: Out of bounds write in ANGLE in Google Chrome prior to 91
ghsa_unreviewed·2022-05-24
CVE-2021-30547 [HIGH] CWE-787 GHSA-h3c6-pc9c-gf82: Out of bounds write in ANGLE in Google Chrome prior to 91
Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
OSV
thunderbird vulnerabilities
osv·2021-08-31·CVSS 5.9
CVE-2021-29969 [MEDIUM] thunderbird vulnerabilities
It was discovered that Thunderbird didn't ignore IMAP server responses
prior to completion of the STARTTLS handshake. A person-in-the-middle
could potentially exploit this to trick Thunderbird into showing incorrect
information. (CVE-2021-29969)
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service, or
execute arbitrary code. (CVE-2021-29970, CVE-2021-29976, CVE-2021-29980,
CVE-2021-29984, CVE-2021-29985, CVE-2021-29986, CVE-2021-29988,
CVE-2021-29989, CVE-2021-30547)
OSV
CVE-2021-30547: Out of bounds write in ANGLE in Google Chrome prior to 91
osv·2021-06-15·CVSS 8.8
CVE-2021-30547 [HIGH] CVE-2021-30547: Out of bounds write in ANGLE in Google Chrome prior to 91
Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2021-08-31·CVSS 5.9
CVE-2021-29985 [MEDIUM] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
It was discovered that Thunderbird didn't ignore IMAP server responses
prior to completion of the STARTTLS handshake. A person-in-the-middle
could potentially exploit this to trick Thunderbird into showing incorrect
information. (CVE-2021-29969)
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service, or
execute arbitrary code. (CVE-2021-29970, CVE-2021-29976, CVE-2021-29980,
CVE-2021-29984, CVE-2021-29985, CVE-2021-29986, CVE-2021-29988,
CVE-2021-29989, CVE-2021-30547)
Instructions: After a standard system update you need to restart
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2021-07-16
CVE-2021-29974 Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, overlay text
over another domain, or execute arbitrary code.
Instructions: After a standard system update you need to restart Firefox to make
all the necessary changes.
Chrome
Stable Channel Update for Desktop: CVE-2021-30547
vendor_chrome·2021-06-09·CVSS 8.8
CVE-2021-30547 [HIGH] Stable Channel Update for Desktop: CVE-2021-30547
Stable Channel Update for Desktop
CVE-2021-30547: Out of bounds write in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-05-18
[$TBD][1210487] High CVE-2021-30548: Use after free in Loader. Reported by Yangkang(@dnpushme) & Wanglu of Qihoo360 Qex Team on 2021-05-18
[$TBD][1212498] High CVE-2021-30549: Use after free in Spell check
Severity: high
Red Hat
chromium-browser: Out of bounds write in ANGLE
vendor_redhat·2021-06-09·CVSS 8.8
CVE-2021-30547 [HIGH] chromium-browser: Out of bounds write in ANGLE
Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Package: firefox (Red Hat Enterprise Linux 6) - Out of support scope
Package: thunderbird (Red Hat Enterprise Linux 6) - Out of support scope
Microsoft
Chromium: CVE-2021-30547 Out of bounds write in ANGLE
vendor_msrc·2021-06-08·CVSS 8.8
CVE-2021-30547 [HIGH] Chromium: CVE-2021-30547 Out of bounds write in ANGLE
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
Click on Help and Feedback
Click on About Microsoft Edge
FAQ:
Debian
CVE-2021-30547: chromium - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a r...
vendor_debian·2021·CVSS 8.8
CVE-2021-30547 [HIGH] CVE-2021-30547: chromium - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a r...
Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1)
bullseye: resolved (fixed in 93.0.4577.82-1)
forky: resolved (fixed in 93.0.4577.82-1)
sid: resolved (fixed in 93.0.4577.82-1)
trixie: resolved (fixed in 93.0.4577.82-1)
Mozilla
Mozilla Foundation Security Advisory 2021-29: CVE-2021-30547
vendor_mozilla·CVSS 8.8
CVE-2021-30547 [HIGH] Mozilla Foundation Security Advisory 2021-29: CVE-2021-30547
Mozilla Foundation Security Advisory 2021-29
CVE: CVE-2021-30547
Product: Firefox ESR
Impact: high
Fixed in: Firefox ESR 78.12
Mozilla
Mozilla Foundation Security Advisory 2021-30: CVE-2021-30547
vendor_mozilla·CVSS 8.8
CVE-2021-30547 [HIGH] Mozilla Foundation Security Advisory 2021-30: CVE-2021-30547
Mozilla Foundation Security Advisory 2021-30
CVE: CVE-2021-30547
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 78.12
Mozilla
Mozilla Foundation Security Advisory 2021-28: CVE-2021-30547
vendor_mozilla·CVSS 8.8
CVE-2021-30547 [HIGH] Mozilla Foundation Security Advisory 2021-28: CVE-2021-30547
Mozilla Foundation Security Advisory 2021-28
CVE: CVE-2021-30547
Product: Firefox
Impact: high
Fixed in: Firefox 90
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html
https://crbug.com/1210414
https://lists.debian.org/debian-lts-announce/2021/07/msg00009.html
https://lists.debian.org/debian-lts-announce/2021/07/msg00010.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54/
https://security.gentoo.org/glsa/202202-03
https://security.gentoo.org/glsa/202208-14
https://www.debian.org/security/2021/dsa-4939
https://www.debian.org/security/2021/dsa-4940