CVE-2021-30593: Out-of-bounds Read in Google Chrome

CWE-125: Out-of-bounds Read | 6 documents | 6 sources
Severity
8.1 HIGH (NVD)
EPSS
0.3%
top 51.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 26
Latest update: May 24

Description

Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Exploitability: 2.8 | Impact: 5.2

Affected Packages (6 packages)

CVEListV5 | google/chrome | unspecified | 92.0.4515.131
NVD | google/chrome | < 92.0.4515.131
debian | debian/chromium | < chromium 93.0.4577.82-1 (bookworm)
Debian | chromium/chromium | < 93.0.4577.82-1 | +3

Also affects: Fedora 33, 34, 35

Patches

Vulnerability Details (2)

GHSA | GHSA-v2xc-8hw7-gm6x: Out of bounds read in Tab Strip in Google Chrome prior to 92 | 2022-05-24
OSV | CVE-2021-30593: Out of bounds read in Tab Strip in Google Chrome prior to 92 | 2021-08-26

Vendor Advisories (3)

Microsoft | Chromium: CVE-2021-30593 Out of bounds read in Tab Strip | 2021-08-10
Chrome | Stable Channel Update for Desktop: CVE-2021-30593 | 2021-08-02
Debian | CVE-2021-30593: chromium - Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed ... | 2021