CVE-2021-30551
CVE-2021-30551
In short
Google Chrome's V8 engine had a type confusion vulnerability that could allow attackers to corrupt memory through a specially crafted webpage, potentially leading to code execution or system crashes.
Technical detail
CWE-843 type confusion in V8 engine allows remote attackers to trigger heap corruption via crafted HTML. Attack vector requires user interaction (visiting malicious page) and affects Chrome versions prior to 91.0.4472.101, potentially enabling arbitrary code execution through memory exploitation.
Summary generated and translated by AI from the official description.
Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chromepublic PoCs found — 1
githubgithub.com/xmzyshypnc/CVE-2021-30551★ 24⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.htmlhttps://crbug.com/1216437https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54/https://security.gentoo.org/glsa/202107-06https://security.gentoo.org/glsa/202208-25https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30551