8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.007 Low
EPSS
Percentile
80.1%
Severity: High
Date : 2021-08-03
CVE-ID : CVE-2021-30590 CVE-2021-30591 CVE-2021-30592 CVE-2021-30593
CVE-2021-30594 CVE-2021-30596 CVE-2021-30597
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-2246
The package chromium before version 92.0.4515.131-1 is vulnerable to
multiple issues including arbitrary code execution, information
disclosure and content spoofing.
Upgrade to 92.0.4515.131-1.
The problems have been fixed upstream in version 92.0.4515.131.
None.
A heap buffer overflow security issue has been found in the Bookmarks
component of the Chromium browser engine before version 92.0.4515.131.
A use after free security issue has been found in the File System API
component of the Chromium browser engine before version 92.0.4515.131.
An out of bounds write security issue has been found in the Tab Groups
component of the Chromium browser engine before version 92.0.4515.131.
An out of bounds read security issue has been found in the Tab Strip
component of the Chromium browser engine before version 92.0.4515.131.
A use after free security issue has been found in the Page Info UI
component of the Chromium browser engine before version 92.0.4515.131.
An incorrect security UI security issue has been found in the
Navigation component of the Chromium browser engine before version
92.0.4515.131.
A use after free security issue has been found in the Browser UI
component of the Chromium browser engine before version 92.0.4515.131.
A remote attacker could execute arbitrary code, disclose sensitive
information, or spoof content through crafted web pages.
https://chromereleases.googleblog.com/2021/08/the-stable-channel-has-been-updated-to.html
https://crbug.com/1227777
https://crbug.com/1229298
https://crbug.com/1209469
https://crbug.com/1209616
https://crbug.com/1218468
https://crbug.com/1214481
https://crbug.com/1232617
https://security.archlinux.org/CVE-2021-30590
https://security.archlinux.org/CVE-2021-30591
https://security.archlinux.org/CVE-2021-30592
https://security.archlinux.org/CVE-2021-30593
https://security.archlinux.org/CVE-2021-30594
https://security.archlinux.org/CVE-2021-30596
https://security.archlinux.org/CVE-2021-30597
chromereleases.googleblog.com/2021/08/the-stable-channel-has-been-updated-to.html
crbug.com/1209469
crbug.com/1209616
crbug.com/1214481
crbug.com/1218468
crbug.com/1227777
crbug.com/1229298
crbug.com/1232617
security.archlinux.org/AVG-2246
security.archlinux.org/CVE-2021-30590
security.archlinux.org/CVE-2021-30591
security.archlinux.org/CVE-2021-30592
security.archlinux.org/CVE-2021-30593
security.archlinux.org/CVE-2021-30594
security.archlinux.org/CVE-2021-30596
security.archlinux.org/CVE-2021-30597
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.007 Low
EPSS
Percentile
80.1%