CVE-2021-30612 — Use After Free in Chromium

CWE-416 — Use After Free4 documents4 sources

Severity

8.8MEDIUM

No vector

EPSS

0.7%

top 27.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Chromium Google Chrome Chrome Msrc Microsoft Edge

Timeline

PublishedAug 31

Latest updateMay 24

Description

Stable Channel Update for Desktop CVE-2021-30612: Use after free in WebRTC. Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab on 2021-07-29 [$15000][ 1209622 ] Medium CVE-2021-30613: Use after free in Base internals Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-16 [$10000][ 1207315 ] Medium CVE-2021-30614: Heap buffer overflow in TabStrip Severity: medium

Affected Packages3 packages

▶debiandebian/chromium< chromium 93.0.4577.82-1 (bookworm)

▶msrcmsrc/microsoft_edge

▶googlegoogle/chrome_chrome

🔴Vulnerability Details

GHSA

GHSA-mcwj-mj5h-p34c: Use after free in WebRTC in Google Chrome on Linux, ChromeOS prior to 93↗2022-05-24

▶

📋Vendor Advisories

Microsoft

Chromium: CVE-2021-30612 Use after free in WebRTC↗2021-09-14

▶

Chrome

Stable Channel Update for Desktop: CVE-2021-30612↗2021-08-31

▶

Debian

CVE-2021-30612: chromium - Chromium: CVE-2021-30612 Use after free in WebRTC↗2021

▶