CVE-2021-30554
Vexday Risk Score
51 · Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 8.8 · EPSS 7.4% · KEV yes · PoC — · Nuclei — · Metasploit — · Patch referenced
Lifecycle
02 Jul 2021: Published on NVD
03 Nov 2021: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
A flaw in Chrome's WebGL feature allows attackers to corrupt memory on your computer through a specially crafted webpage. This can crash your browser or potentially run malicious code.
Technical detail
Use-after-free vulnerability in the WebGL renderer (CWE-416) in Chrome versions before 91.0.4472.114. A remote attacker can trigger heap corruption by serving a crafted HTML page; exploitation requires the user to visit the malicious site. Impact includes denial of service and potential code execution with browser privileges.
Summary generated and translated by AI from the official description.
Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chrome
References
https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html
https://crbug.com/1219857
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54/
https://security.gentoo.org/glsa/202107-06
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30554