CVE-2021-30560
published 2021-08-03CVE-2021-30560: Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
PriorityP359high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EPSS
21.62%
97.3th percentile
Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected
26 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 93.0.4577.82-1 | 93.0.4577.82-1 |
| chromium | chromium | >= 0 < 93.0.4577.82-1 | 93.0.4577.82-1 |
| chromium | chromium | >= 0 < 93.0.4577.82-1 | 93.0.4577.82-1 |
| chromium | chromium | >= 0 < 93.0.4577.82-1 | 93.0.4577.82-1 |
| debian | chromium | < chromium 93.0.4577.82-1 (bookworm) | chromium 93.0.4577.82-1 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | libxslt | < chromium 93.0.4577.82-1 (bookworm) | chromium 93.0.4577.82-1 (bookworm) |
| chrome | < 91.0.4472.164 | 91.0.4472.164 | |
| chrome | >= unspecified < 91.0.4472.164 | 91.0.4472.164 | |
| chrome_chrome | — | — | |
| msrc | microsoft_edge | — | — |
| nokogiri | nokogiri | >= 0 < 1.13.2 | 1.13.2 |
| splunk | universal_forwarder | — | — |
| splunk | universal_forwarder | >= 8.2.0 < 8.2.12 | 8.2.12 |
| splunk | universal_forwarder | >= 9.0.0 < 9.0.6 | 9.0.6 |
| xmlsoft | libxslt | < 1.1.35 | 1.1.35 |
| xmlsoft | libxslt | >= 0 < 1.1.34-4+deb11u1 | 1.1.34-4+deb11u1 |
| xmlsoft | libxslt | >= 0 < 1.1.35-1 | 1.1.35-1 |
| xmlsoft | libxslt | >= 0 < 1.1.35-1 | 1.1.35-1 |
| xmlsoft | libxslt | >= 0 < 1.1.35-1 | 1.1.35-1 |
| xmlsoft | libxslt | >= 0 < 1.1.29-5ubuntu0.3 | 1.1.29-5ubuntu0.3 |
| xmlsoft | libxslt | >= 0 < 1.1.34-4ubuntu0.20.04.1 | 1.1.34-4ubuntu0.20.04.1 |
| xmlsoft | libxslt | >= 0 < 1.1.34-4ubuntu0.22.04.1 | 1.1.34-4ubuntu0.22.04.1 |
| xmlsoft | libxslt | >= 0 < 1.1.28-2ubuntu0.2+esm2 | 1.1.28-2ubuntu0.2+esm2 |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
ghsa8.8HIGH
osv8.8HIGH
vendor_debian8.8HIGH
vendor_msrc8.8HIGH
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Libxslt vulnerabilities
vendor_ubuntu·2022-08-22·CVSS 7.5
CVE-2019-5815 [HIGH] Libxslt vulnerabilities
Title: Libxslt vulnerabilities
Summary: Several security issues were fixed in Libxslt.
Nicolas Grégoire discovered that Libxslt incorrectly handled certain XML.
An attacker could possibly use this issue to expose sensitive information
or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS.
(CVE-2019-5815)
Alexey Neyman incorrectly handled certain HTML pages.
An attacker could possibly use this issue to expose sensitive information
or execute arbitrary code. (CVE-2021-30560)
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
Libxslt vulnerabilities
vendor_ubuntu·2022-08-22·CVSS 7.5
CVE-2019-5815 [HIGH] Libxslt vulnerabilities
Title: Libxslt vulnerabilities
Summary: Several security issues were fixed in Libxslt.
USN-5575-1 fixed vulnerabilities in Libxslt. This update provides
the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04
ESM.
Original advisory details:
Nicolas Grégoire discovered that Libxslt incorrectly handled certain XML.
An attacker could possibly use this issue to expose sensitive information
or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS.
(CVE-2019-5815)
Alexey Neyman incorrectly handled certain HTML pages.
An attacker could possibly use this issue to expose sensitive information
or execute arbitrary code. (CVE-2021-30560)
Instructions: In general, a standard system update will make all the necessary changes.
Chrome
Long Term Support Channel Update for ChromeOS: CVE-2021-30560
vendor_chrome·2022-07-27·CVSS 8.8
CVE-2021-30560 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2021-30560
Long Term Support Channel Update for ChromeOS
CVE-2021-30560
Chrome
Stable Channel Update for Desktop: CVE-2021-30559
vendor_chrome·2021-07-15·CVSS 8.8
CVE-2021-30559 [HIGH] Stable Channel Update for Desktop: CVE-2021-30559
Stable Channel Update for Desktop
CVE-2021-30559: Out of bounds write in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-06-11 [$5000][ 1214842 ] High CVE-2021-30541: Use after free in V8
Reported by Richard Wheeldon on 2021-05-31 [$N/A][ 1219209 ] High CVE-2021-30560: Use after free in Blink XSLT
Severity: high
Microsoft
Chromium: CVE-2021-30560 Use after free in Blink XSLT
vendor_msrc·2021-07-13·CVSS 8.8
CVE-2021-30560 [HIGH] Chromium: CVE-2021-30560 Use after free in Blink XSLT
Chromium: CVE-2021-30560 Use after free in Blink XSLT
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
How can I see the version of the browser?
In your Microsoft Edge browser, click on the 3 dots (...) on the
Debian
CVE-2021-30560: chromium - Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a r...
vendor_debian·2021·CVSS 8.8
CVE-2021-30560 [HIGH] CVE-2021-30560: chromium - Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a r...
Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 93.0.4577.82-1)
bullseye: resolved (fixed in 93.0.4577.82-1)
forky: resolved (fixed in 93.0.4577.82-1)
sid: resolved (fixed in 93.0.4577.82-1)
trixie: resolved (fixed in 93.0.4577.82-1)
OSV
libxslt vulnerabilities
osv·2022-08-22·CVSS 7.5
CVE-2019-5815 [HIGH] libxslt vulnerabilities
libxslt vulnerabilities
Nicolas Grégoire discovered that Libxslt incorrectly handled certain XML.
An attacker could possibly use this issue to expose sensitive information
or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS.
(CVE-2019-5815)
Alexey Neyman incorrectly handled certain HTML pages.
An attacker could possibly use this issue to expose sensitive information
or execute arbitrary code. (CVE-2021-30560)
OSV
libxslt vulnerabilities
osv·2022-08-22·CVSS 7.5
CVE-2019-5815 [HIGH] libxslt vulnerabilities
libxslt vulnerabilities
USN-5575-1 fixed vulnerabilities in Libxslt. This update provides
the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04
ESM.
Original advisory details:
Nicolas Grégoire discovered that Libxslt incorrectly handled certain XML.
An attacker could possibly use this issue to expose sensitive information
or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS.
(CVE-2019-5815)
Alexey Neyman incorrectly handled certain HTML pages.
An attacker could possibly use this issue to expose sensitive information
or execute arbitrary code. (CVE-2021-30560)
GHSA
Nokogiri has vulnerable dependencies on libxml2 and libxslt
ghsa·2022-05-24
CVE-2021-30560 [HIGH] CWE-416 Nokogiri has vulnerable dependencies on libxml2 and libxslt
Nokogiri has vulnerable dependencies on libxml2 and libxslt
Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
OSV
Nokogiri has vulnerable dependencies on libxml2 and libxslt
osv·2022-05-24
CVE-2021-30560 [HIGH] Nokogiri has vulnerable dependencies on libxml2 and libxslt
Nokogiri has vulnerable dependencies on libxml2 and libxslt
Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
OSV
Vulnerable dependencies in Nokogiri
osv·2022-02-25·CVSS 8.8
CVE-2021-30560 [HIGH] Vulnerable dependencies in Nokogiri
Vulnerable dependencies in Nokogiri
### Summary
Nokogiri [v1.13.2](https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.2) upgrades two of its packaged dependencies:
- vendored libxml2 from v2.9.12 to [v2.9.13](https://download.gnome.org/sources/libxml2/2.9/libxml2-2.9.13.news)
- vendored libxslt from v1.1.34 to [v1.1.35](https://download.gnome.org/sources/libxslt/1.1/libxslt-1.1.35.news)
Those library versions address the following upstream CVEs:
- libxslt: [CVE-2021-30560](https://nvd.nist.gov/vuln/detail/CVE-2021-30560) (CVSS 8.8, High severity)
- libxml2: [CVE-2022-23308](https://nvd.nist.gov/vuln/detail/CVE-2022-23308) (Unspecified severity, see more information below)
Those library versions also address numerous other issues including performance improvements, regressio
GHSA
Vulnerable dependencies in Nokogiri
ghsa·2022-02-25·CVSS 8.8
CVE-2021-30560 [HIGH] CWE-416 Vulnerable dependencies in Nokogiri
Vulnerable dependencies in Nokogiri
### Summary
Nokogiri [v1.13.2](https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.2) upgrades two of its packaged dependencies:
- vendored libxml2 from v2.9.12 to [v2.9.13](https://download.gnome.org/sources/libxml2/2.9/libxml2-2.9.13.news)
- vendored libxslt from v1.1.34 to [v1.1.35](https://download.gnome.org/sources/libxslt/1.1/libxslt-1.1.35.news)
Those library versions address the following upstream CVEs:
- libxslt: [CVE-2021-30560](https://nvd.nist.gov/vuln/detail/CVE-2021-30560) (CVSS 8.8, High severity)
- libxml2: [CVE-2022-23308](https://nvd.nist.gov/vuln/detail/CVE-2022-23308) (Unspecified severity, see more information below)
Those library versions also address numerous other issues including performance improvements, regressio
OSV
CVE-2021-30560: Use after free in Blink XSLT in Google Chrome prior to 91
osv·2021-08-03·CVSS 8.8
CVE-2021-30560 [HIGH] CVE-2021-30560: Use after free in Blink XSLT in Google Chrome prior to 91
Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.htmlhttps://crbug.com/1219209https://lists.debian.org/debian-lts-announce/2022/09/msg00010.htmlhttps://security.gentoo.org/glsa/202310-23https://www.debian.org/security/2022/dsa-5216https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.htmlhttps://crbug.com/1219209https://lists.debian.org/debian-lts-announce/2022/09/msg00010.htmlhttps://security.gentoo.org/glsa/202310-23https://www.debian.org/security/2022/dsa-5216
2021-08-03
Published