CVE-2021-30557
published 2021-07-02CVE-2021-30557: Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially…
PriorityP353high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EPSS
11.75%
95.5th percentile
Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 93.0.4577.82-1 | 93.0.4577.82-1 |
| chromium | chromium | >= 0 < 93.0.4577.82-1 | 93.0.4577.82-1 |
| chromium | chromium | >= 0 < 93.0.4577.82-1 | 93.0.4577.82-1 |
| chromium | chromium | >= 0 < 93.0.4577.82-1 | 93.0.4577.82-1 |
| debian | chromium | < chromium 93.0.4577.82-1 (bookworm) | chromium 93.0.4577.82-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| chrome | < 91.0.4472.114 | 91.0.4472.114 | |
| chrome | >= unspecified < 91.0.4472.114 | 91.0.4472.114 | |
| chrome_chrome | — | — | |
| msrc | microsoft_edge | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv8.8HIGH
vendor_debian8.8HIGH
vendor_msrc8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-7jqg-3j54-cpcr: Use after free in TabGroups in Google Chrome prior to 91
ghsa_unreviewed·2022-05-24
CVE-2021-30557 [HIGH] CWE-416 GHSA-7jqg-3j54-cpcr: Use after free in TabGroups in Google Chrome prior to 91
Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
OSV
CVE-2021-30557: Use after free in TabGroups in Google Chrome prior to 91
osv·2021-07-02·CVSS 8.8
CVE-2021-30557 [HIGH] CVE-2021-30557: Use after free in TabGroups in Google Chrome prior to 91
Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Chrome
Stable Channel Update for Desktop: CVE-2021-30557
vendor_chrome·2021-06-17·CVSS 8.8
CVE-2021-30557 [HIGH] Stable Channel Update for Desktop: CVE-2021-30557
Stable Channel Update for Desktop
CVE-2021-30557: Use after free in TabGroups. Reported by David Erceg on 2021-04-23 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
Severity: high
Microsoft
Chromium: CVE-2021-30557 Use after free in TabGroups
vendor_msrc·2021-06-08·CVSS 8.8
CVE-2021-30557 [HIGH] Chromium: CVE-2021-30557 Use after free in TabGroups
Chromium: CVE-2021-30557 Use after free in TabGroups
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
Click on Help and Feedback
Click on About Microsoft Edge
FAQ:
Debian
CVE-2021-30557: chromium - Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an a...
vendor_debian·2021·CVSS 8.8
CVE-2021-30557 [HIGH] CVE-2021-30557: chromium - Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an a...
Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1)
bullseye: resolved (fixed in 93.0.4577.82-1)
forky: resolved (fixed in 93.0.4577.82-1)
sid: resolved (fixed in 93.0.4577.82-1)
trixie: resolved (fixed in 93.0.4577.82-1)
No detection rules found.
No public exploits indexed.
https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.htmlhttps://crbug.com/1202102https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54/https://security.gentoo.org/glsa/202107-06https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.htmlhttps://crbug.com/1202102https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54/https://security.gentoo.org/glsa/202107-06
2021-07-02
Published