CVE-2021-30611 — Use After Free in Google Chrome Chrome

CWE-416 — Use After Free4 documents4 sources

Severity

8.8HIGH

No vector

EPSS

0.7%

top 27.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Chromium Google Chrome Chrome Msrc Microsoft Edge

Timeline

PublishedMay 24

Description

Use after free in WebRTC in Google Chrome on Linux, ChromeOS prior to 93.0.4577.63 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

Affected Packages3 packages

▶googlegoogle/chrome_chrome

▶debiandebian/chromium< chromium 93.0.4577.82-1 (bookworm)

▶msrcmsrc/microsoft_edge

🔴Vulnerability Details

GHSA

GHSA-fww6-qcmh-hvxh: Use after free in WebRTC in Google Chrome on Linux, ChromeOS prior to 93↗2022-05-24

▶

📋Vendor Advisories

Microsoft

Chromium: CVE-2021-30611 Use after free in WebRTC↗2021-09-14

▶

Chrome

Stable Channel Update for Desktop: CVE-2021-30609↗2021-08-31

▶

Debian

CVE-2021-30611: chromium - Chromium: CVE-2021-30611 Use after free in WebRTC↗2021

▶