CVE-2021-30578Use of Uninitialized Resource in Google Chrome

CWE-908Use of Uninitialized Resource6 documents6 sources
Severity
8.8HIGHNVD
EPSS
0.8%
top 25.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Google ChromeChromiumDebian Chromium+3 more
Timeline
PublishedAug 3
Latest updateMay 24

Description

Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

CVEListV5google/chromeunspecified92.0.4515.107
NVDgoogle/chrome< 92.0.4515.107
debiandebian/chromium< chromium 93.0.4577.82-1 (bookworm)
Debianchromium/chromium< 93.0.4577.82-1+3

Also affects: Fedora 33, 34, 35

Patches

Patch: crbug.comPatch: crbug.com

🔴Vulnerability Details

2
GHSA
GHSA-4xgg-f2g4-h7j8: Uninitialized use in Media in Google Chrome prior to 922022-05-24
OSV
CVE-2021-30578: Uninitialized use in Media in Google Chrome prior to 922021-08-03

📋Vendor Advisories

3
Chrome
Stable Channel Update for Desktop: CVE-2021-305782021-07-20
Microsoft
Chromium: CVE-2021-30578 Uninitialized Use in Media2021-07-13
Debian
CVE-2021-30578: chromium - Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a rem...2021