CVE-2021-30632
CVE-2021-30632
In short
A flaw in Google Chrome's V8 engine allows attackers to write data outside designated memory boundaries through a malicious webpage, potentially corrupting the heap and taking control of the browser.
Technical detail
An out-of-bounds write vulnerability in V8 allows a remote attacker to write beyond allocated heap memory via a crafted HTML page, potentially enabling arbitrary code execution or heap corruption. Requires user interaction (visiting a malicious site) and affects Chrome versions prior to 93.0.4577.82.
Summary generated and translated by AI from the official description.
Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chromepublic PoCs found — 4
githubgithub.com/CrackerCat/CVE-2021-30632★ 14githubgithub.com/maldev866/ChExp_CVE-2021-30632★ 0githubgithub.com/paulsery/CVE-2021-30632★ 0cve_referencepacketstormsecurity.com/files/172845/Chrome-JIT-Compiler-Type-Confusion.htmlunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/172845/Chrome-JIT-Compiler-Type-Confusion.htmlhttps://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.htmlhttps://crbug.com/1247763https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30632