CVE-2021-30616 — Use After Free in Chromium

CWE-416 — Use After Free4 documents4 sources

Severity

6.5MEDIUM

No vector

EPSS

0.9%

top 23.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Chromium Google Chrome Chrome Msrc Microsoft Edge

Timeline

PublishedAug 31

Latest updateMay 24

Description

Stable Channel Update for Desktop CVE-2021-30615: Cross-origin data leak in Navigation. Reported by NDevTK on 2021-05-12 [$5000][ 1231432 ] Medium CVE-2021-30616: Use after free in Media Reported by Anonymous on 2021-07-21 [$3000][ 1226909 ] Medium CVE-2021-30617: Policy bypass in Blink Severity: medium

Affected Packages3 packages

▶debiandebian/chromium< chromium 93.0.4577.82-1 (bookworm)

▶msrcmsrc/microsoft_edge

▶googlegoogle/chrome_chrome

🔴Vulnerability Details

GHSA

GHSA-9pcf-jg3j-pw83: Use after free in Media in Google Chrome prior to 93↗2022-05-24

▶

📋Vendor Advisories

Microsoft

Chromium: CVE-2021-30616 Use after free in Media↗2021-09-14

▶

Chrome

Stable Channel Update for Desktop: CVE-2021-30615↗2021-08-31

▶

Debian

CVE-2021-30616: chromium - Chromium: CVE-2021-30616 Use after free in Media↗2021

▶