Lucene search

K
attackerkbAttackerKBAKB:51E88AF4-0A81-4B72-8855-34DF072124D9
HistoryJul 02, 2021 - 12:00 a.m.

CVE-2021-30554

2021-07-0200:00:00
attackerkb.com
39

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.027

Percentile

90.5%

Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Recent assessments:

gwillcox-r7 at June 21, 2021 7:19pm UTC reported:

Apparently this is a UAF vulnerability in the WebGL component of Chrome that has been exploited in the wild according to <https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html&gt;. No further details at the moment other than that its triggered via JavaScript, which makes sense given this is a UAF vulnerability. As per usual, disable JavaScript where possible using plugins like NoScript if you want to mitigate the risk of this vulnerability somewhat, however its highly recommended to just update your Chrome and Edge browsers to the latest version available.

Assessed Attacker Value: 3
Assessed Attacker Value: 3Assessed Attacker Value: 2

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.027

Percentile

90.5%