9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.011 Low
EPSS
Percentile
84.1%
Severity: High
Date : 2021-07-21
CVE-ID : CVE-2021-30565 CVE-2021-30566 CVE-2021-30567 CVE-2021-30568
CVE-2021-30569 CVE-2021-30571 CVE-2021-30572 CVE-2021-30573
CVE-2021-30574 CVE-2021-30575 CVE-2021-30576 CVE-2021-30578
CVE-2021-30579 CVE-2021-30581 CVE-2021-30582 CVE-2021-30584
CVE-2021-30585 CVE-2021-30588 CVE-2021-30589
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-2200
The package chromium before version 92.0.4515.107-1 is vulnerable to
multiple issues including access restriction bypass, arbitrary code
execution, content spoofing, incorrect calculation, information
disclosure and insufficient validation.
Upgrade to 92.0.4515.107-1.
The problems have been fixed upstream in version 92.0.4515.107.
None.
An out of bounds write security issue has been found in the Tab Groups
component of the Chromium browser engine before version 92.0.4515.107.
A stack buffer overflow security issue has been found in the Printing
component of the Chromium browser engine before version 92.0.4515.107.
A use after free security issue has been found in the DevTools
component of the Chromium browser engine before version 92.0.4515.107.
A heap buffer overflow security issue has been found in the WebGL
component of the Chromium browser engine before version 92.0.4515.107.
A use after free security issue has been found in the sqlite component
of the Chromium browser engine before version 92.0.4515.107.
An insufficient policy enforcement security issue has been found in the
DevTools component of the Chromium browser engine before version
92.0.4515.107.
A use after free security issue has been found in the Autofill
component of the Chromium browser engine before version 92.0.4515.107.
A use after free security issue has been found in the GPU component of
the Chromium browser engine before version 92.0.4515.107.
A use after free security issue has been found in the protocol handling
component of the Chromium browser engine before version 92.0.4515.107.
An out of bounds read security issue has been found in the Autofill
component of the Chromium browser engine before version 92.0.4515.107.
A use after free security issue has been found in the DevTools
component of the Chromium browser engine before version 92.0.4515.107.
An uninitialized use security issue has been found in the Media
component of the Chromium browser engine before version 92.0.4515.107.
A use after free security issue has been found in the UI framework
component of the Chromium browser engine before version 92.0.4515.107.
A use after free security issue has been found in the DevTools
component of the Chromium browser engine before version 92.0.4515.107.
An inappropriate implementation security issue has been found in the
Animation component of the Chromium browser engine before version
92.0.4515.107.
An incorrect security UI security issue has been found in the Downloads
component of the Chromium browser engine before version 92.0.4515.107.
A use after free security issue has been found in the sensor handling
component of the Chromium browser engine before version 92.0.4515.107.
A type confusion security issue has been found in the V8 component of
the Chromium browser engine before version 92.0.4515.107.
An insufficient validation of untrusted input security issue has been
found in the Sharing component of the Chromium browser engine before
version 92.0.4515.107.
A remote attacker could execute arbitrary code or spoof content through
a crafted web page.
https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
https://crbug.com/1210985
https://crbug.com/1202661
https://crbug.com/1211326
https://crbug.com/1219886
https://crbug.com/1218707
https://crbug.com/1101897
https://crbug.com/1214234
https://crbug.com/1216822
https://crbug.com/1227315
https://crbug.com/1213313
https://crbug.com/1194896
https://crbug.com/1201074
https://crbug.com/1207277
https://crbug.com/1194431
https://crbug.com/1205981
https://crbug.com/1213350
https://crbug.com/1023503
https://crbug.com/1195650
https://crbug.com/1180510
https://security.archlinux.org/CVE-2021-30565
https://security.archlinux.org/CVE-2021-30566
https://security.archlinux.org/CVE-2021-30567
https://security.archlinux.org/CVE-2021-30568
https://security.archlinux.org/CVE-2021-30569
https://security.archlinux.org/CVE-2021-30571
https://security.archlinux.org/CVE-2021-30572
https://security.archlinux.org/CVE-2021-30573
https://security.archlinux.org/CVE-2021-30574
https://security.archlinux.org/CVE-2021-30575
https://security.archlinux.org/CVE-2021-30576
https://security.archlinux.org/CVE-2021-30578
https://security.archlinux.org/CVE-2021-30579
https://security.archlinux.org/CVE-2021-30581
https://security.archlinux.org/CVE-2021-30582
https://security.archlinux.org/CVE-2021-30584
https://security.archlinux.org/CVE-2021-30585
https://security.archlinux.org/CVE-2021-30588
https://security.archlinux.org/CVE-2021-30589
chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
crbug.com/1023503
crbug.com/1101897
crbug.com/1180510
crbug.com/1194431
crbug.com/1194896
crbug.com/1195650
crbug.com/1201074
crbug.com/1202661
crbug.com/1205981
crbug.com/1207277
crbug.com/1210985
crbug.com/1211326
crbug.com/1213313
crbug.com/1213350
crbug.com/1214234
crbug.com/1216822
crbug.com/1218707
crbug.com/1219886
crbug.com/1227315
security.archlinux.org/AVG-2200
security.archlinux.org/CVE-2021-30565
security.archlinux.org/CVE-2021-30566
security.archlinux.org/CVE-2021-30567
security.archlinux.org/CVE-2021-30568
security.archlinux.org/CVE-2021-30569
security.archlinux.org/CVE-2021-30571
security.archlinux.org/CVE-2021-30572
security.archlinux.org/CVE-2021-30573
security.archlinux.org/CVE-2021-30574
security.archlinux.org/CVE-2021-30575
security.archlinux.org/CVE-2021-30576
security.archlinux.org/CVE-2021-30578
security.archlinux.org/CVE-2021-30579
security.archlinux.org/CVE-2021-30581
security.archlinux.org/CVE-2021-30582
security.archlinux.org/CVE-2021-30584
security.archlinux.org/CVE-2021-30585
security.archlinux.org/CVE-2021-30588
security.archlinux.org/CVE-2021-30589
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.011 Low
EPSS
Percentile
84.1%