CVE-2021-30632
published 2021-10-08

CVE-2021-30632: Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Priority: P1 89
Severity: high, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Tags: KEV, ITW, EXPLOIT
CISA Known Exploited Vulnerability, due 2021-11-17
Exploited in the wild
EPSS: 64.55% (99.1th percentile)

Affected

11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 93.0.4577.82-1 | 93.0.4577.82-1 |
| chromium | chromium | >= 0 < 93.0.4577.82-1 | 93.0.4577.82-1 |
| chromium | chromium | >= 0 < 93.0.4577.82-1 | 93.0.4577.82-1 |
| chromium | chromium | >= 0 < 93.0.4577.82-1 | 93.0.4577.82-1 |
| debian | chromium | < chromium 93.0.4577.82-1 (bookworm) | chromium 93.0.4577.82-1 (bookworm) |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| google | chrome | < 93.0.4577.82 | 93.0.4577.82 |
| google | chrome | >= unspecified < 93.0.4577.82 | 93.0.4577.82 |
| google | chrome_chrome | | |
| msrc | microsoft_edge | | |

Detection & IOCs (extracted from sources)

  • CVE-2021-30632 is exploited in the wild (CISA KEV listed); target is Google Chromium V8 engine — versions prior to 93.0.4577.82 are vulnerable to out-of-bounds write enabling heap corruption via a crafted HTML page
  • The vulnerability was reported anonymously on 2021-09-08 and tracked internally as Chromium issue 1247766; this bug ID may appear in exploit PoC references or threat actor tooling
  • Attack vector is remote via a crafted HTML page delivered to the browser; monitor for suspicious or anomalous HTML/JS content triggering V8 heap corruption patterns
  • Multiple Chromium-based browsers are affected beyond Chrome alone; broaden detection scope to include Microsoft Edge and Opera version telemetry
  • CISA KEV remediation due date was 2021-11-17; any unpatched Chromium-based browser below version 93.0.4577.82 remains at risk

CVSS provenance

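| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 8.8 | HIGH | |
| vulncheck | | 8.8 | HIGH | |
| cisa | | 8.8 | HIGH | |
| vendor_debian | | 8.8 | HIGH | |
| vendor_msrc | | 8.8 | HIGH | |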