[SECURITY] Fedora 33 Update: chromium-91.0.4472.114-2.fc33

2021-07-18T01:04:26

Description

Chromium is an open-source web browser, powered by WebKit (Blink).

Affected Package

OS	OS Version	Package Name	Package Version
Fedora	33	chromium	91.0.4472.114

{"id": "FEDORA:6987B3049380", "vendorId": null, "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 33 Update: chromium-91.0.4472.114-2.fc33", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "published": "2021-07-18T01:04:26", "modified": "2021-07-18T01:04:26", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43/", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520", "CVE-2021-30521", "CVE-2021-30522", "CVE-2021-30523", "CVE-2021-30524", "CVE-2021-30525", "CVE-2021-30526", "CVE-2021-30527", "CVE-2021-30528", "CVE-2021-30529", "CVE-2021-30530", "CVE-2021-30531", "CVE-2021-30532", "CVE-2021-30533", "CVE-2021-30534", "CVE-2021-30535", "CVE-2021-30536", "CVE-2021-30537", "CVE-2021-30538", "CVE-2021-30539", "CVE-2021-30540", "CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553", "CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "immutableFields": [], "lastseen": "2021-07-28T14:46:52", "viewCount": 37, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:2743", "ALSA-2021:2883"]}, {"type": "amazon", "idList": ["ALAS2-2021-1709"]}, {"type": "archlinux", "idList": ["ASA-202105-7", "ASA-202105-8", "ASA-202106-1", "ASA-202106-2", "ASA-202106-31", "ASA-202106-32", "ASA-202106-33", "ASA-202106-45", "ASA-202106-46", "ASA-202106-47", "ASA-202107-1", "ASA-202107-2", "ASA-202107-20", "ASA-202107-21", "ASA-202107-4"]}, {"type": "attackerkb", "idList": ["AKB:51E88AF4-0A81-4B72-8855-34DF072124D9", "AKB:732A3017-A62C-4347-9709-9B8790F47FA1", "AKB:F46F14CB-7C1B-414B-9261-B62EC6DF73CF"]}, {"type": "centos", "idList": ["CESA-2021:2741"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0484", "CPAI-2021-1201"]}, {"type": "chrome", "idList": ["GCSA-6244807684233791030", "GCSA-7170632646642454608", "GCSA-8595288209200495327", "GCSA-8794598538337601472"]}, {"type": "cisa", "idList": ["CISA:D060813248AE96F3F62B7F67A176132F", "CISA:F9916EF5EF9E126FF62CF4162B96669F"]}, {"type": "cve", "idList": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520", "CVE-2021-30521", "CVE-2021-30522", "CVE-2021-30523", "CVE-2021-30524", "CVE-2021-30525", "CVE-2021-30526", "CVE-2021-30527", "CVE-2021-30528", "CVE-2021-30529", "CVE-2021-30530", "CVE-2021-30531", "CVE-2021-30532", "CVE-2021-30533", "CVE-2021-30534", "CVE-2021-30535", "CVE-2021-30536", "CVE-2021-30537", "CVE-2021-30538", "CVE-2021-30539", "CVE-2021-30540", "CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553", "CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2709-1:3F60F", "DEBIAN:DLA-2711-1:C6A4A", "DEBIAN:DSA-4917-1:75B06", "DEBIAN:DSA-4917-1:C4284", "DEBIAN:DSA-4939-1:368B7", "DEBIAN:DSA-4940-1:DAB47"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-30506", "DEBIANCVE:CVE-2021-30507", "DEBIANCVE:CVE-2021-30508", "DEBIANCVE:CVE-2021-30509", "DEBIANCVE:CVE-2021-30510", "DEBIANCVE:CVE-2021-30511", "DEBIANCVE:CVE-2021-30512", "DEBIANCVE:CVE-2021-30513", "DEBIANCVE:CVE-2021-30514", "DEBIANCVE:CVE-2021-30515", "DEBIANCVE:CVE-2021-30516", "DEBIANCVE:CVE-2021-30517", "DEBIANCVE:CVE-2021-30518", "DEBIANCVE:CVE-2021-30519", "DEBIANCVE:CVE-2021-30520", "DEBIANCVE:CVE-2021-30521", "DEBIANCVE:CVE-2021-30522", "DEBIANCVE:CVE-2021-30523", "DEBIANCVE:CVE-2021-30524", "DEBIANCVE:CVE-2021-30525", "DEBIANCVE:CVE-2021-30526", "DEBIANCVE:CVE-2021-30527", "DEBIANCVE:CVE-2021-30528", "DEBIANCVE:CVE-2021-30529", "DEBIANCVE:CVE-2021-30530", "DEBIANCVE:CVE-2021-30531", "DEBIANCVE:CVE-2021-30532", "DEBIANCVE:CVE-2021-30533", "DEBIANCVE:CVE-2021-30534", "DEBIANCVE:CVE-2021-30535", "DEBIANCVE:CVE-2021-30536", "DEBIANCVE:CVE-2021-30537", "DEBIANCVE:CVE-2021-30538", "DEBIANCVE:CVE-2021-30539", "DEBIANCVE:CVE-2021-30540", "DEBIANCVE:CVE-2021-30544", "DEBIANCVE:CVE-2021-30545", "DEBIANCVE:CVE-2021-30546", "DEBIANCVE:CVE-2021-30547", "DEBIANCVE:CVE-2021-30548", "DEBIANCVE:CVE-2021-30549", "DEBIANCVE:CVE-2021-30550", "DEBIANCVE:CVE-2021-30551", "DEBIANCVE:CVE-2021-30552", "DEBIANCVE:CVE-2021-30553", "DEBIANCVE:CVE-2021-30554", "DEBIANCVE:CVE-2021-30555", "DEBIANCVE:CVE-2021-30556", "DEBIANCVE:CVE-2021-30557"]}, {"type": "fedora", "idList": ["FEDORA:10E2D309BE14", "FEDORA:320513099EFA", "FEDORA:5A18430758F8", "FEDORA:75CA430AA7A6"]}, {"type": "freebsd", "idList": ["20B3AB21-C9DF-11EB-8558-3065EC8FD3EC", "3CAC007F-B27E-11EB-97A0-E09467587C17", "674ED047-BE0A-11EB-B927-3065EC8FD3EC", "AFDC7579-D023-11EB-BCAD-3065EC8FD3EC"]}, {"type": "gentoo", "idList": ["GLSA-202107-06", "GLSA-202202-03"]}, {"type": "github", "idList": ["GITHUB:D9472F716C46C02F88677DBAD0EEA334"]}, {"type": "githubexploit", "idList": ["55D44407-F5C9-50A9-B51D-0D4F668CD993"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:3B4F7E79DDCD0AFF3B9BB86429182DCA", "GOOGLEPROJECTZERO:CA925EE6A931620550EF819815B14156"]}, {"type": "kaspersky", "idList": ["KLA12165", "KLA12176", "KLA12188", "KLA12189", "KLA12192", "KLA12204", "KLA12205", "KLA12209", "KLA12210", "KLA12211", "KLA12215", "KLA12227", "KLA12228", "KLA12229"]}, {"type": "mageia", "idList": ["MGASA-2021-0354", "MGASA-2021-0355", "MGASA-2021-0455"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:390E663F11CA04293C83488A40CB3A8A"]}, {"type": "mozilla", "idList": ["MFSA2021-28", "MFSA2021-29", "MFSA2021-30"]}, {"type": "mscve", "idList": ["MS:CVE-2021-30506", "MS:CVE-2021-30507", "MS:CVE-2021-30508", "MS:CVE-2021-30509", "MS:CVE-2021-30510", "MS:CVE-2021-30511", "MS:CVE-2021-30512", "MS:CVE-2021-30513", "MS:CVE-2021-30514", "MS:CVE-2021-30515", "MS:CVE-2021-30516", "MS:CVE-2021-30517", "MS:CVE-2021-30518", "MS:CVE-2021-30519", "MS:CVE-2021-30520", "MS:CVE-2021-30521", "MS:CVE-2021-30522", "MS:CVE-2021-30523", "MS:CVE-2021-30524", "MS:CVE-2021-30525", "MS:CVE-2021-30526", "MS:CVE-2021-30527", "MS:CVE-2021-30528", "MS:CVE-2021-30529", "MS:CVE-2021-30530", "MS:CVE-2021-30531", "MS:CVE-2021-30532", "MS:CVE-2021-30533", "MS:CVE-2021-30534", "MS:CVE-2021-30535", "MS:CVE-2021-30536", "MS:CVE-2021-30537", "MS:CVE-2021-30538", "MS:CVE-2021-30539", "MS:CVE-2021-30540", "MS:CVE-2021-30544", "MS:CVE-2021-30545", "MS:CVE-2021-30546", "MS:CVE-2021-30547", "MS:CVE-2021-30548", "MS:CVE-2021-30549", "MS:CVE-2021-30550", "MS:CVE-2021-30551", "MS:CVE-2021-30552", "MS:CVE-2021-30553", "MS:CVE-2021-30554", "MS:CVE-2021-30555", "MS:CVE-2021-30556", "MS:CVE-2021-30557"]}, {"type": "nessus", "idList": ["701345.PASL", "701348.PASL", "701349.PASL", "AL2_ALAS-2021-1709.NASL", "CENTOS8_RHSA-2021-2743.NASL", "CENTOS8_RHSA-2021-2883.NASL", "CENTOS_RHSA-2021-2741.NASL", "DEBIAN_DLA-2709.NASL", "DEBIAN_DLA-2711.NASL", "DEBIAN_DSA-4917.NASL", "DEBIAN_DSA-4939.NASL", "DEBIAN_DSA-4940.NASL", "FREEBSD_PKG_20B3AB21C9DF11EB85583065EC8FD3EC.NASL", "FREEBSD_PKG_3CAC007FB27E11EB97A0E09467587C17.NASL", "FREEBSD_PKG_674ED047BE0A11EBB9273065EC8FD3EC.NASL", "FREEBSD_PKG_AFDC7579D02311EBBCAD3065EC8FD3EC.NASL", "GENTOO_GLSA-202107-06.NASL", "GENTOO_GLSA-202202-03.NASL", "GOOGLE_CHROME_90_0_4430_212.NASL", "GOOGLE_CHROME_91_0_4472_101.NASL", "GOOGLE_CHROME_91_0_4472_114.NASL", "GOOGLE_CHROME_91_0_4472_77.NASL", "MACOSX_GOOGLE_CHROME_90_0_4430_212.NASL", "MACOSX_GOOGLE_CHROME_91_0_4472_101.NASL", "MACOSX_GOOGLE_CHROME_91_0_4472_114.NASL", "MACOSX_GOOGLE_CHROME_91_0_4472_77.NASL", "MACOS_FIREFOX_78_12_ESR.NASL", "MACOS_FIREFOX_90_0.NASL", "MACOS_THUNDERBIRD_78_12.NASL", "MICROSOFT_EDGE_CHROMIUM_90_0_XXXXXX.NASL", "MICROSOFT_EDGE_CHROMIUM_91_0_864_37.NASL", "MICROSOFT_EDGE_CHROMIUM_91_0_864_48.NASL", "MICROSOFT_EDGE_CHROMIUM_91_0_864_54.NASL", "MOZILLA_FIREFOX_78_12_ESR.NASL", "MOZILLA_FIREFOX_90_0.NASL", "MOZILLA_THUNDERBIRD_78_12.NASL", "NEWSTART_CGSL_NS-SA-2022-0005_FIREFOX.NASL", "NEWSTART_CGSL_NS-SA-2022-0041_FIREFOX.NASL", "NEWSTART_CGSL_NS-SA-2022-0052_FIREFOX.NASL", "OPENSUSE-2021-1066.NASL", "OPENSUSE-2021-1091.NASL", "OPENSUSE-2021-2393.NASL", "OPENSUSE-2021-2458.NASL", "OPENSUSE-2021-742.NASL", "OPENSUSE-2021-762.NASL", "OPENSUSE-2021-825.NASL", "OPENSUSE-2021-828.NASL", "OPENSUSE-2021-829.NASL", "OPENSUSE-2021-881.NASL", "OPENSUSE-2021-898.NASL", "OPENSUSE-2021-938.NASL", "OPENSUSE-2021-949.NASL", "ORACLELINUX_ELSA-2021-2741.NASL", "ORACLELINUX_ELSA-2021-2743.NASL", "ORACLELINUX_ELSA-2021-2881.NASL", "ORACLELINUX_ELSA-2021-2883.NASL", "REDHAT-RHSA-2021-2740.NASL", "REDHAT-RHSA-2021-2741.NASL", "REDHAT-RHSA-2021-2742.NASL", "REDHAT-RHSA-2021-2743.NASL", "REDHAT-RHSA-2021-2881.NASL", "REDHAT-RHSA-2021-2882.NASL", "REDHAT-RHSA-2021-2883.NASL", "REDHAT-RHSA-2021-2914.NASL", "SL_20210715_FIREFOX_ON_SL7_X.NASL", "SL_20210726_THUNDERBIRD_ON_SL7_X.NASL", "SUSE_SU-2021-14766-1.NASL", "SUSE_SU-2021-2389-1.NASL", "SUSE_SU-2021-2393-1.NASL", "SUSE_SU-2021-2458-1.NASL", "SUSE_SU-2021-2478-1.NASL", "UBUNTU_USN-5011-1.NASL", "UBUNTU_USN-5058-1.NASL", "UBUNTU_USN-5156-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-2741", "ELSA-2021-2743", "ELSA-2021-2881", "ELSA-2021-2883"]}, {"type": "osv", "idList": ["OSV:DLA-2709-1", "OSV:DLA-2711-1", "OSV:DSA-4917-1", "OSV:DSA-4939-1", "OSV:DSA-4940-1"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A"]}, {"type": "redhat", "idList": ["RHSA-2021:2740", "RHSA-2021:2741", "RHSA-2021:2742", "RHSA-2021:2743", "RHSA-2021:2881", "RHSA-2021:2882", "RHSA-2021:2883", "RHSA-2021:2914"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-30506", "RH:CVE-2021-30510", "RH:CVE-2021-30518", "RH:CVE-2021-30547", "RH:CVE-2021-30550", "RH:CVE-2021-30555"]}, {"type": "securelist", "idList": ["SECURELIST:BB0230F9CE86B3F1994060AA0A809C08"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0742-1", "OPENSUSE-SU-2021:0762-1", "OPENSUSE-SU-2021:0825-1", "OPENSUSE-SU-2021:0828-1", "OPENSUSE-SU-2021:0829-1", "OPENSUSE-SU-2021:0840-1", "OPENSUSE-SU-2021:0881-1", "OPENSUSE-SU-2021:0898-1", "OPENSUSE-SU-2021:0938-1", "OPENSUSE-SU-2021:0948-1", "OPENSUSE-SU-2021:0949-1", "OPENSUSE-SU-2021:1066-1", "OPENSUSE-SU-2021:1091-1", "OPENSUSE-SU-2021:2393-1", "OPENSUSE-SU-2021:2458-1", "OPENSUSE-SU-2022:0110-1"]}, {"type": "talos", "idList": ["TALOS-2021-1251"]}, {"type": "thn", "idList": ["THN:1A836FDDE57334BC4DAFA65E6DFA02E4", "THN:4376782A3F009FEED68FDD2022A11EF5", "THN:4CC79A3CEFEDEB0DC9CF87C5B9035209", "THN:50D7C51FE6D69FC5DB5B37402AD0E412", "THN:62ECC5B73032124D6559355B66E1C469", "THN:6A9CD6F085628D08978727C0FF597535", "THN:7D7C05739ECD847B8CDEEAF930C51BF8", "THN:B7217784F9D53002315C9C43CCC73766", "THN:BBBFDA7EEE18F813A5DA572FD390D528", "THN:C736174C6B0ADC38AA88BC58F30271DA", "THN:CDCF433A7837180E1F294791C672C5BB"]}, {"type": "threatpost", "idList": ["THREATPOST:3697F9293A6DFF6CD5927E9E68FF488A", "THREATPOST:45B63C766965F5748AEC30DE709C8003", "THREATPOST:88DD5812D3C8652E304F32507E4F68DD", "THREATPOST:DE317ED7C5E4858FE861A15F96F6BCFD", "THREATPOST:EA23582BD77C428ACE9B9DB7D5741EB6"]}, {"type": "ubuntu", "idList": ["USN-5011-1", "USN-5058-1", "USN-5156-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-30506", "UB:CVE-2021-30507", "UB:CVE-2021-30508", "UB:CVE-2021-30509", "UB:CVE-2021-30510", "UB:CVE-2021-30511", "UB:CVE-2021-30512", "UB:CVE-2021-30513", "UB:CVE-2021-30514", "UB:CVE-2021-30515", "UB:CVE-2021-30516", "UB:CVE-2021-30517", "UB:CVE-2021-30518", "UB:CVE-2021-30519", "UB:CVE-2021-30520", "UB:CVE-2021-30521", "UB:CVE-2021-30522", "UB:CVE-2021-30523", "UB:CVE-2021-30524", "UB:CVE-2021-30525", "UB:CVE-2021-30526", "UB:CVE-2021-30527", "UB:CVE-2021-30528", "UB:CVE-2021-30529", "UB:CVE-2021-30530", "UB:CVE-2021-30531", "UB:CVE-2021-30532", "UB:CVE-2021-30533", "UB:CVE-2021-30534", "UB:CVE-2021-30535", "UB:CVE-2021-30536", "UB:CVE-2021-30537", "UB:CVE-2021-30538", "UB:CVE-2021-30539", "UB:CVE-2021-30540", "UB:CVE-2021-30544", "UB:CVE-2021-30545", "UB:CVE-2021-30546", "UB:CVE-2021-30547", "UB:CVE-2021-30548", "UB:CVE-2021-30549", "UB:CVE-2021-30550", "UB:CVE-2021-30551", "UB:CVE-2021-30552", "UB:CVE-2021-30553", "UB:CVE-2021-30554", "UB:CVE-2021-30555", "UB:CVE-2021-30556", "UB:CVE-2021-30557"]}, {"type": "veracode", "idList": ["VERACODE:30537", "VERACODE:30538", "VERACODE:30539", "VERACODE:30540", "VERACODE:30541", "VERACODE:30542", "VERACODE:30543", "VERACODE:30544", "VERACODE:30545", "VERACODE:30546", "VERACODE:30547", "VERACODE:30548", "VERACODE:30549", "VERACODE:30550", "VERACODE:30551", "VERACODE:30716", "VERACODE:30718", "VERACODE:30719", "VERACODE:30720", "VERACODE:30721", "VERACODE:30722", "VERACODE:30723", "VERACODE:30724", "VERACODE:30725", "VERACODE:30726", "VERACODE:30727", "VERACODE:30728", "VERACODE:30729", "VERACODE:30730", "VERACODE:30731", "VERACODE:30732", "VERACODE:30733", "VERACODE:30734", "VERACODE:30735", "VERACODE:30736", "VERACODE:30943", "VERACODE:30944", "VERACODE:30945", "VERACODE:30946", "VERACODE:30947", "VERACODE:30948", "VERACODE:30949", "VERACODE:30950", "VERACODE:30951", "VERACODE:30952"]}]}, "score": {"value": 1.8, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:2743", "ALSA-2021:2883"]}, {"type": "amazon", "idList": ["ALAS2-2021-1709"]}, {"type": "archlinux", "idList": ["ASA-202105-7", "ASA-202105-8", "ASA-202106-1", "ASA-202106-2", "ASA-202106-31", "ASA-202106-32", "ASA-202106-33", "ASA-202106-45", "ASA-202106-46", "ASA-202106-47", "ASA-202107-20", "ASA-202107-21"]}, {"type": "attackerkb", "idList": ["AKB:51E88AF4-0A81-4B72-8855-34DF072124D9"]}, {"type": "centos", "idList": ["CESA-2021:2741"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0484"]}, {"type": "chrome", "idList": ["GCSA-6244807684233791030", "GCSA-7170632646642454608", "GCSA-8595288209200495327", "GCSA-8794598538337601472"]}, {"type": "cisa", "idList": ["CISA:D060813248AE96F3F62B7F67A176132F", "CISA:F9916EF5EF9E126FF62CF4162B96669F"]}, {"type": "cve", "idList": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520", "CVE-2021-30521", "CVE-2021-30522", "CVE-2021-30523", "CVE-2021-30524", "CVE-2021-30525", "CVE-2021-30526", "CVE-2021-30527", "CVE-2021-30528", "CVE-2021-30529", "CVE-2021-30530", "CVE-2021-30531", "CVE-2021-30532", "CVE-2021-30533", "CVE-2021-30534", "CVE-2021-30535", "CVE-2021-30536", "CVE-2021-30537", "CVE-2021-30538", "CVE-2021-30539", "CVE-2021-30540", "CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2709-1:3F60F", "DEBIAN:DLA-2711-1:C6A4A", "DEBIAN:DSA-4917-1:75B06", "DEBIAN:DSA-4939-1:368B7", "DEBIAN:DSA-4940-1:DAB47"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-30506", "DEBIANCVE:CVE-2021-30507", "DEBIANCVE:CVE-2021-30508", "DEBIANCVE:CVE-2021-30509", "DEBIANCVE:CVE-2021-30510", "DEBIANCVE:CVE-2021-30511", "DEBIANCVE:CVE-2021-30512", "DEBIANCVE:CVE-2021-30513", "DEBIANCVE:CVE-2021-30514", "DEBIANCVE:CVE-2021-30515", "DEBIANCVE:CVE-2021-30516", "DEBIANCVE:CVE-2021-30517", "DEBIANCVE:CVE-2021-30518", "DEBIANCVE:CVE-2021-30519", "DEBIANCVE:CVE-2021-30520", "DEBIANCVE:CVE-2021-30521", "DEBIANCVE:CVE-2021-30522", "DEBIANCVE:CVE-2021-30523", "DEBIANCVE:CVE-2021-30524", "DEBIANCVE:CVE-2021-30525", "DEBIANCVE:CVE-2021-30526", "DEBIANCVE:CVE-2021-30527", "DEBIANCVE:CVE-2021-30528", "DEBIANCVE:CVE-2021-30529", "DEBIANCVE:CVE-2021-30530", "DEBIANCVE:CVE-2021-30531", "DEBIANCVE:CVE-2021-30532", "DEBIANCVE:CVE-2021-30533", "DEBIANCVE:CVE-2021-30534", "DEBIANCVE:CVE-2021-30535", "DEBIANCVE:CVE-2021-30536", "DEBIANCVE:CVE-2021-30537", "DEBIANCVE:CVE-2021-30538", "DEBIANCVE:CVE-2021-30539", "DEBIANCVE:CVE-2021-30540", "DEBIANCVE:CVE-2021-30544", "DEBIANCVE:CVE-2021-30545", "DEBIANCVE:CVE-2021-30546", "DEBIANCVE:CVE-2021-30547", "DEBIANCVE:CVE-2021-30548", "DEBIANCVE:CVE-2021-30549", "DEBIANCVE:CVE-2021-30550", "DEBIANCVE:CVE-2021-30551", "DEBIANCVE:CVE-2021-30552", "DEBIANCVE:CVE-2021-30553", "DEBIANCVE:CVE-2021-30554", "DEBIANCVE:CVE-2021-30555", "DEBIANCVE:CVE-2021-30556", "DEBIANCVE:CVE-2021-30557"]}, {"type": "fedora", "idList": ["FEDORA:10E2D309BE14", "FEDORA:320513099EFA", "FEDORA:5A18430758F8"]}, {"type": "freebsd", "idList": ["20B3AB21-C9DF-11EB-8558-3065EC8FD3EC", "3CAC007F-B27E-11EB-97A0-E09467587C17", "674ED047-BE0A-11EB-B927-3065EC8FD3EC", "AFDC7579-D023-11EB-BCAD-3065EC8FD3EC"]}, {"type": "gentoo", "idList": ["GLSA-202107-06"]}, {"type": "githubexploit", "idList": ["55D44407-F5C9-50A9-B51D-0D4F668CD993"]}, {"type": "kaspersky", "idList": ["KLA12165", "KLA12176", "KLA12188", "KLA12189", "KLA12192", "KLA12204", "KLA12205", "KLA12209", "KLA12210", "KLA12211", "KLA12215", "KLA12227", "KLA12228", "KLA12229"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:390E663F11CA04293C83488A40CB3A8A"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/DEBIAN-CVE-2021-30506/", "MSF:ILITIES/DEBIAN-CVE-2021-30507/", "MSF:ILITIES/DEBIAN-CVE-2021-30508/", "MSF:ILITIES/DEBIAN-CVE-2021-30509/", "MSF:ILITIES/DEBIAN-CVE-2021-30510/", "MSF:ILITIES/DEBIAN-CVE-2021-30511/", "MSF:ILITIES/DEBIAN-CVE-2021-30512/", "MSF:ILITIES/DEBIAN-CVE-2021-30513/", "MSF:ILITIES/GENTOO-LINUX-CVE-2021-30554/", "MSF:ILITIES/GENTOO-LINUX-CVE-2021-30555/", "MSF:ILITIES/GENTOO-LINUX-CVE-2021-30556/", "MSF:ILITIES/GENTOO-LINUX-CVE-2021-30557/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30509/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30511/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30522/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30523/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30528/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30535/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30536/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30544/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30545/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30546/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30547/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30548/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30549/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30550/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30551/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30552/", "MSF:ILITIES/GOOGLE-CHROME-CVE-2021-30553/", "MSF:ILITIES/SUSE-CVE-2020-0034/", "MSF:ILITIES/SUSE-CVE-2021-30521/", "MSF:ILITIES/SUSE-CVE-2021-30522/", "MSF:ILITIES/SUSE-CVE-2021-30523/", "MSF:ILITIES/SUSE-CVE-2021-30525/", "MSF:ILITIES/SUSE-CVE-2021-30527/", "MSF:ILITIES/SUSE-CVE-2021-30529/", "MSF:ILITIES/SUSE-CVE-2021-30530/", "MSF:ILITIES/SUSE-CVE-2021-30535/", "MSF:ILITIES/SUSE-CVE-2021-30536/"]}, {"type": "mozilla", "idList": ["MFSA2021-28"]}, {"type": "mscve", "idList": ["MS:CVE-2021-30506", "MS:CVE-2021-30507", "MS:CVE-2021-30508", "MS:CVE-2021-30509", "MS:CVE-2021-30510", "MS:CVE-2021-30511", "MS:CVE-2021-30512", "MS:CVE-2021-30513", "MS:CVE-2021-30514", "MS:CVE-2021-30515", "MS:CVE-2021-30516", "MS:CVE-2021-30517", "MS:CVE-2021-30518", "MS:CVE-2021-30519", "MS:CVE-2021-30520", "MS:CVE-2021-30521", "MS:CVE-2021-30522", "MS:CVE-2021-30523", "MS:CVE-2021-30524", "MS:CVE-2021-30525", "MS:CVE-2021-30526", "MS:CVE-2021-30527", "MS:CVE-2021-30528", "MS:CVE-2021-30529", "MS:CVE-2021-30530", "MS:CVE-2021-30531", "MS:CVE-2021-30532", "MS:CVE-2021-30533", "MS:CVE-2021-30534", "MS:CVE-2021-30535", "MS:CVE-2021-30536", "MS:CVE-2021-30537", "MS:CVE-2021-30538", "MS:CVE-2021-30539", "MS:CVE-2021-30540", "MS:CVE-2021-30544", "MS:CVE-2021-30545", "MS:CVE-2021-30546", "MS:CVE-2021-30547", "MS:CVE-2021-30548", "MS:CVE-2021-30549", "MS:CVE-2021-30550", "MS:CVE-2021-30551", "MS:CVE-2021-30552", "MS:CVE-2021-30553", "MS:CVE-2021-30554", "MS:CVE-2021-30555", "MS:CVE-2021-30556", "MS:CVE-2021-30557"]}, {"type": "nessus", "idList": ["701345.PASL", "AL2_ALAS-2021-1709.NASL", "CENTOS8_RHSA-2021-2743.NASL", "CENTOS8_RHSA-2021-2883.NASL", "CENTOS_RHSA-2021-2741.NASL", "DEBIAN_DLA-2709.NASL", "DEBIAN_DLA-2711.NASL", "DEBIAN_DSA-4917.NASL", "DEBIAN_DSA-4939.NASL", "DEBIAN_DSA-4940.NASL", "FREEBSD_PKG_20B3AB21C9DF11EB85583065EC8FD3EC.NASL", "FREEBSD_PKG_3CAC007FB27E11EB97A0E09467587C17.NASL", "FREEBSD_PKG_674ED047BE0A11EBB9273065EC8FD3EC.NASL", "FREEBSD_PKG_AFDC7579D02311EBBCAD3065EC8FD3EC.NASL", "GOOGLE_CHROME_90_0_4430_212.NASL", "GOOGLE_CHROME_91_0_4472_101.NASL", "GOOGLE_CHROME_91_0_4472_114.NASL", "GOOGLE_CHROME_91_0_4472_77.NASL", "MACOSX_GOOGLE_CHROME_90_0_4430_212.NASL", "MACOSX_GOOGLE_CHROME_91_0_4472_101.NASL", "MACOSX_GOOGLE_CHROME_91_0_4472_114.NASL", "MACOSX_GOOGLE_CHROME_91_0_4472_77.NASL", "MICROSOFT_EDGE_CHROMIUM_90_0_XXXXXX.NASL", "MICROSOFT_EDGE_CHROMIUM_91_0_864_37.NASL", "MICROSOFT_EDGE_CHROMIUM_91_0_864_48.NASL", "MICROSOFT_EDGE_CHROMIUM_91_0_864_54.NASL", "MOZILLA_FIREFOX_78_12_ESR.NASL", "MOZILLA_FIREFOX_90_0.NASL", "MOZILLA_THUNDERBIRD_78_12.NASL", "OPENSUSE-2021-1066.NASL", "OPENSUSE-2021-2393.NASL", "OPENSUSE-2021-2458.NASL", "OPENSUSE-2021-742.NASL", "OPENSUSE-2021-762.NASL", "OPENSUSE-2021-825.NASL", "OPENSUSE-2021-828.NASL", "OPENSUSE-2021-829.NASL", "ORACLELINUX_ELSA-2021-2741.NASL", "ORACLELINUX_ELSA-2021-2743.NASL", "ORACLELINUX_ELSA-2021-2881.NASL", "ORACLELINUX_ELSA-2021-2883.NASL", "REDHAT-RHSA-2021-2740.NASL", "REDHAT-RHSA-2021-2741.NASL", "REDHAT-RHSA-2021-2742.NASL", "REDHAT-RHSA-2021-2743.NASL", "REDHAT-RHSA-2021-2881.NASL", "REDHAT-RHSA-2021-2882.NASL", "REDHAT-RHSA-2021-2883.NASL", "REDHAT-RHSA-2021-2914.NASL", "SL_20210715_FIREFOX_ON_SL7_X.NASL", "SL_20210726_THUNDERBIRD_ON_SL7_X.NASL", "SUSE_SU-2021-14766-1.NASL", "SUSE_SU-2021-2389-1.NASL", "SUSE_SU-2021-2393-1.NASL", "SUSE_SU-2021-2458-1.NASL", "SUSE_SU-2021-2478-1.NASL", "UBUNTU_USN-5011-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-2741", "ELSA-2021-2743", "ELSA-2021-2881", "ELSA-2021-2883"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A"]}, {"type": "redhat", "idList": ["RHSA-2021:2743"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-30547"]}, {"type": "securelist", "idList": ["SECURELIST:BB0230F9CE86B3F1994060AA0A809C08"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0742-1", "OPENSUSE-SU-2021:0762-1", "OPENSUSE-SU-2021:0825-1", "OPENSUSE-SU-2021:0828-1", "OPENSUSE-SU-2021:0829-1", "OPENSUSE-SU-2021:0840-1", "OPENSUSE-SU-2021:0881-1", "OPENSUSE-SU-2021:0898-1", "OPENSUSE-SU-2021:0938-1", "OPENSUSE-SU-2021:0948-1", "OPENSUSE-SU-2021:0949-1", "OPENSUSE-SU-2021:1066-1", "OPENSUSE-SU-2021:1091-1", "OPENSUSE-SU-2021:2393-1", "OPENSUSE-SU-2021:2458-1"]}, {"type": "talos", "idList": ["TALOS-2021-1251"]}, {"type": "thn", "idList": ["THN:1A836FDDE57334BC4DAFA65E6DFA02E4", "THN:4CC79A3CEFEDEB0DC9CF87C5B9035209", "THN:62ECC5B73032124D6559355B66E1C469", "THN:7D7C05739ECD847B8CDEEAF930C51BF8", "THN:BBBFDA7EEE18F813A5DA572FD390D528", "THN:C736174C6B0ADC38AA88BC58F30271DA", "THN:CDCF433A7837180E1F294791C672C5BB"]}, {"type": "threatpost", "idList": ["THREATPOST:88DD5812D3C8652E304F32507E4F68DD", "THREATPOST:EA23582BD77C428ACE9B9DB7D5741EB6"]}, {"type": "ubuntu", "idList": ["USN-5011-1", "USN-5156-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-30506", "UB:CVE-2021-30507", "UB:CVE-2021-30508", "UB:CVE-2021-30509", "UB:CVE-2021-30511", "UB:CVE-2021-30512", "UB:CVE-2021-30513", "UB:CVE-2021-30514", "UB:CVE-2021-30515", "UB:CVE-2021-30516", "UB:CVE-2021-30517", "UB:CVE-2021-30518", "UB:CVE-2021-30519", "UB:CVE-2021-30520", "UB:CVE-2021-30521", "UB:CVE-2021-30522", "UB:CVE-2021-30524", "UB:CVE-2021-30527", "UB:CVE-2021-30528", "UB:CVE-2021-30529", "UB:CVE-2021-30530", "UB:CVE-2021-30531", "UB:CVE-2021-30532", "UB:CVE-2021-30534", "UB:CVE-2021-30535", "UB:CVE-2021-30536", "UB:CVE-2021-30537", "UB:CVE-2021-30538", "UB:CVE-2021-30539", "UB:CVE-2021-30540", "UB:CVE-2021-30544", "UB:CVE-2021-30545", "UB:CVE-2021-30546", "UB:CVE-2021-30547", "UB:CVE-2021-30548", "UB:CVE-2021-30550", "UB:CVE-2021-30551", "UB:CVE-2021-30552", "UB:CVE-2021-30553", "UB:CVE-2021-30554", "UB:CVE-2021-30555", "UB:CVE-2021-30556", "UB:CVE-2021-30557"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2021-30506", "epss": "0.001940000", "percentile": "0.554510000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30507", "epss": "0.002870000", "percentile": "0.639230000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30508", "epss": "0.002190000", "percentile": "0.581320000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30509", "epss": "0.002080000", "percentile": "0.569830000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30510", "epss": "0.002870000", "percentile": "0.639230000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30511", "epss": "0.001680000", "percentile": "0.519170000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30512", "epss": "0.002870000", "percentile": "0.639230000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30513", "epss": "0.002870000", "percentile": "0.639230000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30514", "epss": "0.002870000", "percentile": "0.639230000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30515", "epss": "0.002870000", "percentile": "0.639230000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30516", "epss": "0.003030000", "percentile": "0.649360000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30517", "epss": "0.002480000", "percentile": "0.609230000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30518", "epss": "0.003030000", "percentile": "0.649360000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30519", "epss": "0.001900000", "percentile": "0.547910000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30520", "epss": "0.001900000", "percentile": "0.547910000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30521", "epss": "0.003030000", "percentile": "0.649360000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30522", "epss": "0.003610000", "percentile": "0.678770000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30523", "epss": "0.004520000", "percentile": "0.712340000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30524", "epss": "0.002080000", "percentile": "0.569830000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30525", "epss": "0.002210000", "percentile": "0.584720000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30526", "epss": "0.002080000", "percentile": "0.569830000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30527", "epss": "0.002080000", "percentile": "0.569830000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30528", "epss": "0.002480000", "percentile": "0.609230000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30529", "epss": "0.001650000", "percentile": "0.514610000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30530", "epss": "0.002380000", "percentile": "0.600890000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30531", "epss": "0.002300000", "percentile": "0.593800000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30532", "epss": "0.002260000", "percentile": "0.590580000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30533", "epss": "0.005390000", "percentile": "0.737110000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30534", "epss": "0.001620000", "percentile": "0.510960000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30535", "epss": "0.002590000", "percentile": "0.619530000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30536", "epss": "0.002330000", "percentile": "0.596160000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30537", "epss": "0.001760000", "percentile": "0.529800000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30538", "epss": "0.001590000", "percentile": "0.507100000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30539", "epss": "0.002260000", "percentile": "0.590580000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30540", "epss": "0.003240000", "percentile": "0.660500000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30544", "epss": "0.003200000", "percentile": "0.659100000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30545", "epss": "0.003200000", "percentile": "0.659100000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30546", "epss": "0.003200000", "percentile": "0.659100000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30547", "epss": "0.004550000", "percentile": "0.713400000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30548", "epss": "0.003200000", "percentile": "0.659100000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30549", "epss": "0.002210000", "percentile": "0.584720000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30550", "epss": "0.002210000", "percentile": "0.584720000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30551", "epss": "0.335030000", "percentile": "0.963600000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30552", "epss": "0.002210000", "percentile": "0.584720000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30553", "epss": "0.003200000", "percentile": "0.659100000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30554", "epss": "0.006800000", "percentile": "0.768950000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30555", "epss": "0.002340000", "percentile": "0.597180000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30556", "epss": "0.002810000", "percentile": "0.635690000", "modified": "2023-03-17"}, {"cve": "CVE-2021-30557", "epss": "0.002340000", "percentile": "0.597180000", "modified": "2023-03-17"}], "vulnersScore": 1.8}, "_state": {"dependencies": 1659998956, "score": 1659911120, "epss": 1679098904}, "_internal": {"score_hash": "e577079e2c0c1a41b54a0e3758e5595e"}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "33", "arch": "any", "packageVersion": "91.0.4472.114", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "chromium"}]}

{"fedora": [{"lastseen": "2021-07-28T14:46:52", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-09T01:03:32", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: chromium-91.0.4472.114-1.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520", "CVE-2021-30521", "CVE-2021-30522", "CVE-2021-30523", "CVE-2021-30524", "CVE-2021-30525", "CVE-2021-30526", "CVE-2021-30527", "CVE-2021-30528", "CVE-2021-30529", "CVE-2021-30530", "CVE-2021-30531", "CVE-2021-30532", "CVE-2021-30533", "CVE-2021-30534", "CVE-2021-30535", "CVE-2021-30536", "CVE-2021-30537", "CVE-2021-30538", "CVE-2021-30539", "CVE-2021-30540", "CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553", "CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2021-07-09T01:03:32", "id": "FEDORA:10E2D309BE14", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:52", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-01T01:06:09", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: chromium-90.0.4430.212-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520"], "modified": "2021-06-01T01:06:09", "id": "FEDORA:320513099EFA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FB3CMRUIDLYDNFY6WHEY7TT3VS2VKTU5/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:52", "description": "Chromium is an open-source web browser, powered by WebKit (Blink). ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-28T01:01:19", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: chromium-90.0.4430.212-1.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520"], "modified": "2021-05-28T01:01:19", "id": "FEDORA:5A18430758F8", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Q5ZBQXMFNUDQ2BVQTZJ3S6RD6JRUCVCE/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T18:58:28", "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. \n\nGoogle Chrome is one fast, simple, and secure browser for all your devices. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could execute arbitrary code, escalate privileges, obtain sensitive information, spoof a URL or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Google Chrome users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/google-chrome-91.0.4472.114\"\n \n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-client/chromium-91.0.4472.114\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-06T00:00:00", "type": "gentoo", "title": "Chromium, Google Chrome: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520", "CVE-2021-30521", "CVE-2021-30522", "CVE-2021-30523", "CVE-2021-30524", "CVE-2021-30525", "CVE-2021-30526", "CVE-2021-30527", "CVE-2021-30528", "CVE-2021-30530", "CVE-2021-30531", "CVE-2021-30532", "CVE-2021-30533", "CVE-2021-30534", "CVE-2021-30536", "CVE-2021-30537", "CVE-2021-30538", "CVE-2021-30539", "CVE-2021-30540", "CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553", "CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2021-07-06T00:00:00", "id": "GLSA-202107-06", "href": "https://security.gentoo.org/glsa/202107-06", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-02-02T14:50:00", "description": "The remote host is affected by the vulnerability described in GLSA-202107-06 (Chromium, Google Chrome: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could execute arbitrary code, escalate privileges, obtain sensitive information, spoof a URL or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-01-24T00:00:00", "type": "nessus", "title": "GLSA-202107-06 : Chromium, Google Chrome: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520", "CVE-2021-30521", "CVE-2021-30522", "CVE-2021-30523", "CVE-2021-30524", "CVE-2021-30525", "CVE-2021-30526", "CVE-2021-30527", "CVE-2021-30528", "CVE-2021-30530", "CVE-2021-30531", "CVE-2021-30532", "CVE-2021-30533", "CVE-2021-30534", "CVE-2021-30536", "CVE-2021-30537", "CVE-2021-30538", "CVE-2021-30539", "CVE-2021-30540", "CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553", "CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2022-06-28T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:chromium", "p-cpe:/a:gentoo:linux:google-chrome", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202107-06.NASL", "href": "https://www.tenable.com/plugins/nessus/156995", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202107-06.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(156995);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/28\");\n\n script_cve_id(\"CVE-2021-30506\", \"CVE-2021-30507\", \"CVE-2021-30508\", \"CVE-2021-30509\", \"CVE-2021-30510\", \"CVE-2021-30511\", \"CVE-2021-30512\", \"CVE-2021-30513\", \"CVE-2021-30514\", \"CVE-2021-30515\", \"CVE-2021-30516\", \"CVE-2021-30517\", \"CVE-2021-30518\", \"CVE-2021-30519\", \"CVE-2021-30520\", \"CVE-2021-30521\", \"CVE-2021-30522\", \"CVE-2021-30523\", \"CVE-2021-30524\", \"CVE-2021-30525\", \"CVE-2021-30526\", \"CVE-2021-30527\", \"CVE-2021-30528\", \"CVE-2021-30530\", \"CVE-2021-30531\", \"CVE-2021-30532\", \"CVE-2021-30533\", \"CVE-2021-30534\", \"CVE-2021-30536\", \"CVE-2021-30537\", \"CVE-2021-30538\", \"CVE-2021-30539\", \"CVE-2021-30540\", \"CVE-2021-30544\", \"CVE-2021-30545\", \"CVE-2021-30546\", \"CVE-2021-30548\", \"CVE-2021-30549\", \"CVE-2021-30550\", \"CVE-2021-30551\", \"CVE-2021-30552\", \"CVE-2021-30553\", \"CVE-2021-30554\", \"CVE-2021-30555\", \"CVE-2021-30556\", \"CVE-2021-30557\");\n script_xref(name:\"GLSA\", value:\"202107-06\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/18\");\n\n script_name(english:\"GLSA-202107-06 : Chromium, Google Chrome: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202107-06\n(Chromium, Google Chrome: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Chromium and Google\n Chrome. Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could execute arbitrary code, escalate privileges,\n obtain sensitive information, spoof a URL or cause a Denial of Service\n condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202107-06\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Google Chrome users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/google-chrome-91.0.4472.114'\n All Chromium users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-client/chromium-91.0.4472.114'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30557\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:google-chrome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-client/chromium\", unaffected:make_list(\"ge 91.0.4472.114\"), vulnerable:make_list(\"lt 91.0.4472.114\"))) flag++;\nif (qpkg_check(package:\"www-client/google-chrome\", unaffected:make_list(\"ge 91.0.4472.114\"), vulnerable:make_list(\"lt 91.0.4472.114\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Chromium / Google Chrome\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-18T14:24:14", "description": "Chrome Releases reports :\n\nThis release contains 32 security fixes, including :\n\n- [1208721] High CVE-2021-30521: Heap buffer overflow in Autofill.\nReported by ZhanJia Song on 2021-05-13\n\n- [1176218] High CVE-2021-30522: Use after free in WebAudio. Reported by Piotr Bania of Cisco Talos on 2021-02-09\n\n- [1187797] High CVE-2021-30523: Use after free in WebRTC. Reported by Tolyan Korniltsev on 2021-03-13\n\n- [1197146] High CVE-2021-30524: Use after free in TabStrip. Reported by David Erceg on 2021-04-08\n\n- [1197888] High CVE-2021-30525: Use after free in TabGroups. Reported by David Erceg on 2021-04-11\n\n- [1198717] High CVE-2021-30526: Out of bounds write in TabStrip.\nReported by David Erceg on 2021-04-13\n\n- [1199198] High CVE-2021-30527: Use after free in WebUI. Reported by David Erceg on 2021-04-15\n\n- [1206329] High CVE-2021-30528: Use after free in WebAuthentication.\nReported by Man Yue Mo of GitHub Security Lab on 2021-05-06\n\n- [1195278] Medium CVE-2021-30529: Use after free in Bookmarks.\nReported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-04-02\n\n- [1201033] Medium CVE-2021-30530: Out of bounds memory access in WebAudio. Reported by kkwon on 2021-04-21\n\n- [1115628] Medium CVE-2021-30531: Insufficient policy enforcement in Content Security Policy. Reported by Philip Papurt on 2020-08-12\n\n- [1117687] Medium CVE-2021-30532: Insufficient policy enforcement in Content Security Policy. Reported by Philip Papurt on 2020-08-18\n\n- [1145553] Medium CVE-2021-30533: Insufficient policy enforcement in PopupBlocker. Reported by Eliya Stein on 2020-11-04\n\n- [1151507] Medium CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox. Reported by Alesandro Ortiz on 2020-11-20\n\n- [1194899] Medium CVE-2021-30535: Double free in ICU. Reported by nocma, leogan, cheneyxu of WeChat Open Platform Security Team on 2021-04-01\n\n- [1145024] Medium CVE-2021-21212: Insufficient data validation in networking. Reported by Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong on 2020-11-03\n\n- [1194358] Low CVE-2021-30536: Out of bounds read in V8. Reported by Chris Salls (@salls) on 2021-03-31\n\n- [830101] Low CVE-2021-30537: Insufficient policy enforcement in cookies. Reported by Jun Kokatsu (@shhnjk) on 2018-04-06\n\n- [1115045] Low CVE-2021-30538: Insufficient policy enforcement in content security policy. Reported by Tianze Ding (@D1iv3) of Tencent Security Xuanwu Lab on 2020-08-11\n\n- [971231] Low CVE-2021-30539: Insufficient policy enforcement in content security policy. Reported by unnamed researcher on 2019-06-05\n\n- [1184147] Low CVE-2021-30540: Incorrect security UI in payments.\nReported by @retsew0x01 on 2021-03-03", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-27T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (674ed047-be0a-11eb-b927-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21212", "CVE-2021-30521", "CVE-2021-30522", "CVE-2021-30523", "CVE-2021-30524", "CVE-2021-30525", "CVE-2021-30526", "CVE-2021-30527", "CVE-2021-30528", "CVE-2021-30529", "CVE-2021-30530", "CVE-2021-30531", "CVE-2021-30532", "CVE-2021-30533", "CVE-2021-30534", "CVE-2021-30535", "CVE-2021-30536", "CVE-2021-30537", "CVE-2021-30538", "CVE-2021-30539", "CVE-2021-30540"], "modified": "2022-06-27T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_674ED047BE0A11EBB9273065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/150015", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150015);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/27\");\n\n script_cve_id(\n \"CVE-2021-21212\",\n \"CVE-2021-30521\",\n \"CVE-2021-30522\",\n \"CVE-2021-30523\",\n \"CVE-2021-30524\",\n \"CVE-2021-30525\",\n \"CVE-2021-30526\",\n \"CVE-2021-30527\",\n \"CVE-2021-30528\",\n \"CVE-2021-30529\",\n \"CVE-2021-30530\",\n \"CVE-2021-30531\",\n \"CVE-2021-30532\",\n \"CVE-2021-30533\",\n \"CVE-2021-30534\",\n \"CVE-2021-30535\",\n \"CVE-2021-30536\",\n \"CVE-2021-30537\",\n \"CVE-2021-30538\",\n \"CVE-2021-30539\",\n \"CVE-2021-30540\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0253-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/18\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (674ed047-be0a-11eb-b927-3065ec8fd3ec)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Chrome Releases reports :\n\nThis release contains 32 security fixes, including :\n\n- [1208721] High CVE-2021-30521: Heap buffer overflow in Autofill.\nReported by ZhanJia Song on 2021-05-13\n\n- [1176218] High CVE-2021-30522: Use after free in WebAudio. Reported\nby Piotr Bania of Cisco Talos on 2021-02-09\n\n- [1187797] High CVE-2021-30523: Use after free in WebRTC. Reported by\nTolyan Korniltsev on 2021-03-13\n\n- [1197146] High CVE-2021-30524: Use after free in TabStrip. Reported\nby David Erceg on 2021-04-08\n\n- [1197888] High CVE-2021-30525: Use after free in TabGroups. Reported\nby David Erceg on 2021-04-11\n\n- [1198717] High CVE-2021-30526: Out of bounds write in TabStrip.\nReported by David Erceg on 2021-04-13\n\n- [1199198] High CVE-2021-30527: Use after free in WebUI. Reported by\nDavid Erceg on 2021-04-15\n\n- [1206329] High CVE-2021-30528: Use after free in WebAuthentication.\nReported by Man Yue Mo of GitHub Security Lab on 2021-05-06\n\n- [1195278] Medium CVE-2021-30529: Use after free in Bookmarks.\nReported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360\nAlpha Lab on 2021-04-02\n\n- [1201033] Medium CVE-2021-30530: Out of bounds memory access in\nWebAudio. Reported by kkwon on 2021-04-21\n\n- [1115628] Medium CVE-2021-30531: Insufficient policy enforcement in\nContent Security Policy. Reported by Philip Papurt on 2020-08-12\n\n- [1117687] Medium CVE-2021-30532: Insufficient policy enforcement in\nContent Security Policy. Reported by Philip Papurt on 2020-08-18\n\n- [1145553] Medium CVE-2021-30533: Insufficient policy enforcement in\nPopupBlocker. Reported by Eliya Stein on 2020-11-04\n\n- [1151507] Medium CVE-2021-30534: Insufficient policy enforcement in\niFrameSandbox. Reported by Alesandro Ortiz on 2020-11-20\n\n- [1194899] Medium CVE-2021-30535: Double free in ICU. Reported by\nnocma, leogan, cheneyxu of WeChat Open Platform Security Team on\n2021-04-01\n\n- [1145024] Medium CVE-2021-21212: Insufficient data validation in\nnetworking. Reported by Hugo Hue and Sze Yiu Chau of the Chinese\nUniversity of Hong Kong on 2020-11-03\n\n- [1194358] Low CVE-2021-30536: Out of bounds read in V8. Reported by\nChris Salls (@salls) on 2021-03-31\n\n- [830101] Low CVE-2021-30537: Insufficient policy enforcement in\ncookies. Reported by Jun Kokatsu (@shhnjk) on 2018-04-06\n\n- [1115045] Low CVE-2021-30538: Insufficient policy enforcement in\ncontent security policy. Reported by Tianze Ding (@D1iv3) of Tencent\nSecurity Xuanwu Lab on 2020-08-11\n\n- [971231] Low CVE-2021-30539: Insufficient policy enforcement in\ncontent security policy. Reported by unnamed researcher on 2019-06-05\n\n- [1184147] Low CVE-2021-30540: Incorrect security UI in payments.\nReported by @retsew0x01 on 2021-03-03\");\n # https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3a02fb7a\");\n # https://vuxml.freebsd.org/freebsd/674ed047-be0a-11eb-b927-3065ec8fd3ec.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b872e03f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30535\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<91.0.4472.77\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-18T14:23:45", "description": "The version of Google Chrome installed on the remote macOS host is prior to 91.0.4472.77. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_05_stable-channel-update-for-desktop_25 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-25T00:00:00", "type": "nessus", "title": "Google Chrome < 91.0.4472.77 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21212", "CVE-2021-30521", "CVE-2021-30522", "CVE-2021-30523", "CVE-2021-30524", "CVE-2021-30525", "CVE-2021-30526", "CVE-2021-30527", "CVE-2021-30528", "CVE-2021-30529", "CVE-2021-30530", "CVE-2021-30531", "CVE-2021-30532", "CVE-2021-30533", "CVE-2021-30534", "CVE-2021-30535", "CVE-2021-30536", "CVE-2021-30537", "CVE-2021-30538", "CVE-2021-30539", "CVE-2021-30540"], "modified": "2022-06-27T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_91_0_4472_77.NASL", "href": "https://www.tenable.com/plugins/nessus/149901", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149901);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/27\");\n\n script_cve_id(\n \"CVE-2021-21212\",\n \"CVE-2021-30521\",\n \"CVE-2021-30522\",\n \"CVE-2021-30523\",\n \"CVE-2021-30524\",\n \"CVE-2021-30525\",\n \"CVE-2021-30526\",\n \"CVE-2021-30527\",\n \"CVE-2021-30528\",\n \"CVE-2021-30529\",\n \"CVE-2021-30530\",\n \"CVE-2021-30531\",\n \"CVE-2021-30532\",\n \"CVE-2021-30533\",\n \"CVE-2021-30534\",\n \"CVE-2021-30535\",\n \"CVE-2021-30536\",\n \"CVE-2021-30537\",\n \"CVE-2021-30538\",\n \"CVE-2021-30539\",\n \"CVE-2021-30540\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0253-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/18\");\n\n script_name(english:\"Google Chrome < 91.0.4472.77 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 91.0.4472.77. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2021_05_stable-channel-update-for-desktop_25 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3a02fb7a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1208721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1176218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1187797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1197146\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1197888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1198717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1199198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1206329\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1195278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1201033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1115628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1117687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1145553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1151507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1194899\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1145024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1194358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/830101\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1115045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/971231\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1184147\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 91.0.4472.77 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30535\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'91.0.4472.77', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-19T14:30:21", "description": "This update for chromium fixes the following issues :\n\nChromium 91.0.4472.77 (boo#1186458) :\n\n - Support Managed configuration API for Web Applications\n\n - WebOTP API: cross-origin iframe support\n\n - CSS custom counter styles\n\n - Support JSON Modules\n\n - Clipboard: read-only files support\n\n - Remove webkitBeforeTextInserted & webkitEditableCOntentChanged JS events\n\n - Honor media HTML attribute for link icon\n\n - Import Assertions\n\n - Class static initializer blocks\n\n - Ergonomic brand checks for private fields\n\n - Expose WebAssembly SIMD\n\n - New Feature: WebTransport\n\n - ES Modules for service workers ('module' type option)\n\n - Suggested file name and location for the File System Access API\n\n - adaptivePTime property for RTCRtpEncodingParameters\n\n - Block HTTP port 10080 - mitigation for NAT Slipstream 2.0 attack\n\n - Support WebSockets over HTTP/2\n\n - Support 103 Early Hints for Navigation\n\n - CVE-2021-30521: Heap buffer overflow in Autofill\n\n - CVE-2021-30522: Use after free in WebAudio\n\n - CVE-2021-30523: Use after free in WebRTC\n\n - CVE-2021-30524: Use after free in TabStrip\n\n - CVE-2021-30525: Use after free in TabGroups\n\n - CVE-2021-30526: Out of bounds write in TabStrip\n\n - CVE-2021-30527: Use after free in WebUI\n\n - CVE-2021-30528: Use after free in WebAuthentication\n\n - CVE-2021-30529: Use after free in Bookmarks\n\n - CVE-2021-30530: Out of bounds memory access in WebAudio\n\n - CVE-2021-30531: Insufficient policy enforcement in Content Security Policy\n\n - CVE-2021-30532: Insufficient policy enforcement in Content Security Policy\n\n - CVE-2021-30533: Insufficient policy enforcement in PopupBlocker\n\n - CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox\n\n - CVE-2021-30535: Double free in ICU\n\n - CVE-2021-21212: Insufficient data validation in networking\n\n - CVE-2021-30536: Out of bounds read in V8\n\n - CVE-2021-30537: Insufficient policy enforcement in cookies\n\n - CVE-2021-30538: Insufficient policy enforcement in content security policy\n\n - CVE-2021-30539: Insufficient policy enforcement in content security policy\n\n - CVE-2021-30540: Incorrect security UI in payments\n\n - Various fixes from internal audits, fuzzing and other initiatives", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-04T00:00:00", "type": "nessus", "title": "openSUSE Security Update : chromium (openSUSE-2021-825)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21212", "CVE-2021-30521", "CVE-2021-30522", "CVE-2021-30523", "CVE-2021-30524", "CVE-2021-30525", "CVE-2021-30526", "CVE-2021-30527", "CVE-2021-30528", "CVE-2021-30529", "CVE-2021-30530", "CVE-2021-30531", "CVE-2021-30532", "CVE-2021-30533", "CVE-2021-30534", "CVE-2021-30535", "CVE-2021-30536", "CVE-2021-30537", "CVE-2021-30538", "CVE-2021-30539", "CVE-2021-30540"], "modified": "2022-06-27T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-825.NASL", "href": "https://www.tenable.com/plugins/nessus/150269", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-825.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150269);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/27\");\n\n script_cve_id(\n \"CVE-2021-21212\",\n \"CVE-2021-30521\",\n \"CVE-2021-30522\",\n \"CVE-2021-30523\",\n \"CVE-2021-30524\",\n \"CVE-2021-30525\",\n \"CVE-2021-30526\",\n \"CVE-2021-30527\",\n \"CVE-2021-30528\",\n \"CVE-2021-30529\",\n \"CVE-2021-30530\",\n \"CVE-2021-30531\",\n \"CVE-2021-30532\",\n \"CVE-2021-30533\",\n \"CVE-2021-30534\",\n \"CVE-2021-30535\",\n \"CVE-2021-30536\",\n \"CVE-2021-30537\",\n \"CVE-2021-30538\",\n \"CVE-2021-30539\",\n \"CVE-2021-30540\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/18\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2021-825)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for chromium fixes the following issues :\n\nChromium 91.0.4472.77 (boo#1186458) :\n\n - Support Managed configuration API for Web Applications\n\n - WebOTP API: cross-origin iframe support\n\n - CSS custom counter styles\n\n - Support JSON Modules\n\n - Clipboard: read-only files support\n\n - Remove webkitBeforeTextInserted &\n webkitEditableCOntentChanged JS events\n\n - Honor media HTML attribute for link icon\n\n - Import Assertions\n\n - Class static initializer blocks\n\n - Ergonomic brand checks for private fields\n\n - Expose WebAssembly SIMD\n\n - New Feature: WebTransport\n\n - ES Modules for service workers ('module' type option)\n\n - Suggested file name and location for the File System\n Access API\n\n - adaptivePTime property for RTCRtpEncodingParameters\n\n - Block HTTP port 10080 - mitigation for NAT Slipstream\n 2.0 attack\n\n - Support WebSockets over HTTP/2\n\n - Support 103 Early Hints for Navigation\n\n - CVE-2021-30521: Heap buffer overflow in Autofill\n\n - CVE-2021-30522: Use after free in WebAudio\n\n - CVE-2021-30523: Use after free in WebRTC\n\n - CVE-2021-30524: Use after free in TabStrip\n\n - CVE-2021-30525: Use after free in TabGroups\n\n - CVE-2021-30526: Out of bounds write in TabStrip\n\n - CVE-2021-30527: Use after free in WebUI\n\n - CVE-2021-30528: Use after free in WebAuthentication\n\n - CVE-2021-30529: Use after free in Bookmarks\n\n - CVE-2021-30530: Out of bounds memory access in WebAudio\n\n - CVE-2021-30531: Insufficient policy enforcement in\n Content Security Policy\n\n - CVE-2021-30532: Insufficient policy enforcement in\n Content Security Policy\n\n - CVE-2021-30533: Insufficient policy enforcement in\n PopupBlocker\n\n - CVE-2021-30534: Insufficient policy enforcement in\n iFrameSandbox\n\n - CVE-2021-30535: Double free in ICU\n\n - CVE-2021-21212: Insufficient data validation in\n networking\n\n - CVE-2021-30536: Out of bounds read in V8\n\n - CVE-2021-30537: Insufficient policy enforcement in\n cookies\n\n - CVE-2021-30538: Insufficient policy enforcement in\n content security policy\n\n - CVE-2021-30539: Insufficient policy enforcement in\n content security policy\n\n - CVE-2021-30540: Incorrect security UI in payments\n\n - Various fixes from internal audits, fuzzing and other\n initiatives\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1186458\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30535\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-91.0.4472.77-lp152.2.98.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-debuginfo-91.0.4472.77-lp152.2.98.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-91.0.4472.77-lp152.2.98.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-debuginfo-91.0.4472.77-lp152.2.98.1\", allowmaj:TRUE) ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-18T14:23:56", "description": "The version of Google Chrome installed on the remote Windows host is prior to 91.0.4472.77. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_05_stable-channel-update-for-desktop_25 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-25T00:00:00", "type": "nessus", "title": "Google Chrome < 91.0.4472.77 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21212", "CVE-2021-30521", "CVE-2021-30522", "CVE-2021-30523", "CVE-2021-30524", "CVE-2021-30525", "CVE-2021-30526", "CVE-2021-30527", "CVE-2021-30528", "CVE-2021-30529", "CVE-2021-30530", "CVE-2021-30531", "CVE-2021-30532", "CVE-2021-30533", "CVE-2021-30534", "CVE-2021-30535", "CVE-2021-30536", "CVE-2021-30537", "CVE-2021-30538", "CVE-2021-30539", "CVE-2021-30540"], "modified": "2022-06-27T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_91_0_4472_77.NASL", "href": "https://www.tenable.com/plugins/nessus/149900", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149900);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/27\");\n\n script_cve_id(\n \"CVE-2021-21212\",\n \"CVE-2021-30521\",\n \"CVE-2021-30522\",\n \"CVE-2021-30523\",\n \"CVE-2021-30524\",\n \"CVE-2021-30525\",\n \"CVE-2021-30526\",\n \"CVE-2021-30527\",\n \"CVE-2021-30528\",\n \"CVE-2021-30529\",\n \"CVE-2021-30530\",\n \"CVE-2021-30531\",\n \"CVE-2021-30532\",\n \"CVE-2021-30533\",\n \"CVE-2021-30534\",\n \"CVE-2021-30535\",\n \"CVE-2021-30536\",\n \"CVE-2021-30537\",\n \"CVE-2021-30538\",\n \"CVE-2021-30539\",\n \"CVE-2021-30540\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0253-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/18\");\n\n script_name(english:\"Google Chrome < 91.0.4472.77 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 91.0.4472.77. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2021_05_stable-channel-update-for-desktop_25 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3a02fb7a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1208721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1176218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1187797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1197146\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1197888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1198717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1199198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1206329\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1195278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1201033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1115628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1117687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1145553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1151507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1194899\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1145024\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1194358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/830101\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1115045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/971231\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1184147\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 91.0.4472.77 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30535\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\ninstalls = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'91.0.4472.77', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-18T14:23:36", "description": "The version of Google Chrome installed on the remote macOS host is prior to 90.0.4430.212. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_05_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-12T00:00:00", "type": "nessus", "title": "Google Chrome < 90.0.4430.212 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520"], "modified": "2021-06-10T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_90_0_4430_212.NASL", "href": "https://www.tenable.com/plugins/nessus/149413", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149413);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/10\");\n\n script_cve_id(\n \"CVE-2021-30506\",\n \"CVE-2021-30507\",\n \"CVE-2021-30508\",\n \"CVE-2021-30509\",\n \"CVE-2021-30510\",\n \"CVE-2021-30511\",\n \"CVE-2021-30512\",\n \"CVE-2021-30513\",\n \"CVE-2021-30514\",\n \"CVE-2021-30515\",\n \"CVE-2021-30516\",\n \"CVE-2021-30517\",\n \"CVE-2021-30518\",\n \"CVE-2021-30519\",\n \"CVE-2021-30520\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0241-S\");\n\n script_name(english:\"Google Chrome < 90.0.4430.212 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 90.0.4430.212. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2021_05_stable-channel-update-for-desktop advisory. Note that Nessus has\nnot tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6e7dcca1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1180126\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1178202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1195340\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1196309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1197436\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1197875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1200019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1200490\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1200766\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1201073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1201446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1203122\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1203590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1194058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1193362\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 90.0.4430.212 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30520\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'90.0.4430.212', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-18T14:23:46", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.xxxxxx. It is, therefore, affected by multiple vulnerabilities as referenced in the May 13, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-14T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 90.0.xxxxxx Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520"], "modified": "2021-06-10T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_90_0_XXXXXX.NASL", "href": "https://www.tenable.com/plugins/nessus/149476", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149476);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/10\");\n\n script_cve_id(\n \"CVE-2021-30506\",\n \"CVE-2021-30507\",\n \"CVE-2021-30508\",\n \"CVE-2021-30509\",\n \"CVE-2021-30510\",\n \"CVE-2021-30511\",\n \"CVE-2021-30512\",\n \"CVE-2021-30513\",\n \"CVE-2021-30514\",\n \"CVE-2021-30515\",\n \"CVE-2021-30516\",\n \"CVE-2021-30517\",\n \"CVE-2021-30518\",\n \"CVE-2021-30519\",\n \"CVE-2021-30520\"\n );\n\n script_name(english:\"Microsoft Edge (Chromium) < 90.0.xxxxxx Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 90.0.xxxxxx. It is, therefore, affected\nby multiple vulnerabilities as referenced in the May 13, 2021 advisory. Note that Nessus has not tested for this issue\nbut has instead relied only on the application's self-reported version number.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#may-13-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9cc1dc08\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30515\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30520\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 90.0.xxxxxx or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30520\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nconstraints = [\n { 'fixed_version' : '90.0.xxxxxx' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-18T14:24:05", "description": "Several vulnerabilities have been discovered in the chromium web browser.\n\n - CVE-2021-30506 @retsew0x01 discovered an error in the Web App installation interface.\n\n - CVE-2021-30507 Alison Huffman discovered an error in the Offline mode.\n\n - CVE-2021-30508 Leecraso and Guang Gong discovered a buffer overflow issue in the Media Feeds implementation.\n\n - CVE-2021-30509 David Erceg discovered an out-of-bounds write issue in the Tab Strip implementation.\n\n - CVE-2021-30510 Weipeng Jiang discovered a race condition in the aura window manager.\n\n - CVE-2021-30511 David Erceg discovered an out-of-bounds read issue in the Tab Strip implementation.\n\n - CVE-2021-30512 ZhanJia Song discovered a use-after-free issue in the notifications implementation.\n\n - CVE-2021-30513 Man Yue Mo discovered an incorrect type in the v8 JavaScript library.\n\n - CVE-2021-30514 koocola and Wang discovered a use-after-free issue in the Autofill feature.\n\n - CVE-2021-30515 Rong Jian and Guang Gong discovered a use-after-free issue in the file system access API.\n\n - CVE-2021-30516 ZhanJia Song discovered a buffer overflow issue in the browsing history.\n\n - CVE-2021-30517 Jun Kokatsu discovered a buffer overflow issue in the reader mode.\n\n - CVE-2021-30518 laural discovered use of an incorrect type in the v8 JavaScript library.\n\n - CVE-2021-30519 asnine discovered a use-after-free issue in the Payments feature.\n\n - CVE-2021-30520 Khalil Zhani discovered a use-after-free issue in the Tab Strip implementation.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-18T00:00:00", "type": "nessus", "title": "Debian DSA-4917-1 : chromium - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520"], "modified": "2021-06-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4917.NASL", "href": "https://www.tenable.com/plugins/nessus/149635", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4917. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(149635);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/11\");\n\n script_cve_id(\"CVE-2021-30506\", \"CVE-2021-30507\", \"CVE-2021-30508\", \"CVE-2021-30509\", \"CVE-2021-30510\", \"CVE-2021-30511\", \"CVE-2021-30512\", \"CVE-2021-30513\", \"CVE-2021-30514\", \"CVE-2021-30515\", \"CVE-2021-30516\", \"CVE-2021-30517\", \"CVE-2021-30518\", \"CVE-2021-30519\", \"CVE-2021-30520\");\n script_xref(name:\"DSA\", value:\"4917\");\n\n script_name(english:\"Debian DSA-4917-1 : chromium - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the chromium web\nbrowser.\n\n - CVE-2021-30506\n @retsew0x01 discovered an error in the Web App\n installation interface.\n\n - CVE-2021-30507\n Alison Huffman discovered an error in the Offline mode.\n\n - CVE-2021-30508\n Leecraso and Guang Gong discovered a buffer overflow\n issue in the Media Feeds implementation.\n\n - CVE-2021-30509\n David Erceg discovered an out-of-bounds write issue in\n the Tab Strip implementation.\n\n - CVE-2021-30510\n Weipeng Jiang discovered a race condition in the aura\n window manager.\n\n - CVE-2021-30511\n David Erceg discovered an out-of-bounds read issue in\n the Tab Strip implementation.\n\n - CVE-2021-30512\n ZhanJia Song discovered a use-after-free issue in the\n notifications implementation.\n\n - CVE-2021-30513\n Man Yue Mo discovered an incorrect type in the v8\n JavaScript library.\n\n - CVE-2021-30514\n koocola and Wang discovered a use-after-free issue in\n the Autofill feature.\n\n - CVE-2021-30515\n Rong Jian and Guang Gong discovered a use-after-free\n issue in the file system access API.\n\n - CVE-2021-30516\n ZhanJia Song discovered a buffer overflow issue in the\n browsing history.\n\n - CVE-2021-30517\n Jun Kokatsu discovered a buffer overflow issue in the\n reader mode.\n\n - CVE-2021-30518\n laural discovered use of an incorrect type in the v8\n JavaScript library.\n\n - CVE-2021-30519\n asnine discovered a use-after-free issue in the Payments\n feature.\n\n - CVE-2021-30520\n Khalil Zhani discovered a use-after-free issue in the\n Tab Strip implementation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-30506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-30507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-30508\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-30509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-30510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-30511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-30512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-30513\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-30514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-30515\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-30516\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-30517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-30518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-30519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-30520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/chromium\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/chromium\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2021/dsa-4917\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the chromium packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 90.0.4430.212-1~deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30520\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"chromium\", reference:\"90.0.4430.212-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-common\", reference:\"90.0.4430.212-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-driver\", reference:\"90.0.4430.212-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-l10n\", reference:\"90.0.4430.212-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-sandbox\", reference:\"90.0.4430.212-1~deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"chromium-shell\", reference:\"90.0.4430.212-1~deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-18T14:25:02", "description": "This update for opera fixes the following issues :\n\nUpdate to version 76.0.4017.154\n\n - CHR-8420 Update chromium on desktop-stable-90-4017 to 90.0.4430.212\n\n - DNA-92411 Bookmarks breadcrumbs wrong color when pressed in dark mode\n\n - DNA-92587 Sync settings: “Use old password”\n button doesn’t work\n\n - DNA-92672 Make it possible for agent to inject scripts into startpage\n\n - DNA-92712 Add SD reload API\n\n - DNA-93190 The bookmark can’t be opened in Workspace 5-6\n\n - DNA-93247 Reopen last closed tab shortcut opens random tab on new window\n\n - DNA-93294 Binary diff for opera_browser.dll is not created on 32-bit builds\n\n - DNA-93313 Add opauto test to cover DNA-93190\n\n - DNA-93368 Fix an error in Polish translation\n\n - DNA-93408 [Windows] widevine_cdm_component_installer does not compile on desktop-stable-90-4017\n\n - The update to chromium 90.0.4430.212 fixes following issues: CVE-2021-30506, CVE-2021-30507, CVE-2021-30508, CVE-2021-30509, CVE-2021-30510, CVE-2021-30511, CVE-2021-30512, CVE-2021-30513, CVE-2021-30514, CVE-2021-30515, CVE-2021-30516, CVE-2021-30517, CVE-2021-30518, CVE-2021-30519, CVE-2021-30520", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-04T00:00:00", "type": "nessus", "title": "openSUSE Security Update : opera (openSUSE-2021-828)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520"], "modified": "2021-06-11T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-828.NASL", "href": "https://www.tenable.com/plugins/nessus/150261", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-828.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150261);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/11\");\n\n script_cve_id(\"CVE-2021-30506\", \"CVE-2021-30507\", \"CVE-2021-30508\", \"CVE-2021-30509\", \"CVE-2021-30510\", \"CVE-2021-30511\", \"CVE-2021-30512\", \"CVE-2021-30513\", \"CVE-2021-30514\", \"CVE-2021-30515\", \"CVE-2021-30516\", \"CVE-2021-30517\", \"CVE-2021-30518\", \"CVE-2021-30519\", \"CVE-2021-30520\");\n\n script_name(english:\"openSUSE Security Update : opera (openSUSE-2021-828)\");\n script_summary(english:\"Check for the openSUSE-2021-828 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for opera fixes the following issues :\n\nUpdate to version 76.0.4017.154\n\n - CHR-8420 Update chromium on desktop-stable-90-4017 to\n 90.0.4430.212\n\n - DNA-92411 Bookmarks breadcrumbs wrong color when pressed\n in dark mode\n\n - DNA-92587 Sync settings: “Use old password”\n button doesn’t work\n\n - DNA-92672 Make it possible for agent to inject scripts\n into startpage\n\n - DNA-92712 Add SD reload API\n\n - DNA-93190 The bookmark can’t be opened in\n Workspace 5-6\n\n - DNA-93247 Reopen last closed tab shortcut opens random\n tab on new window\n\n - DNA-93294 Binary diff for opera_browser.dll is not\n created on 32-bit builds\n\n - DNA-93313 Add opauto test to cover DNA-93190\n\n - DNA-93368 Fix an error in Polish translation\n\n - DNA-93408 [Windows] widevine_cdm_component_installer\n does not compile on desktop-stable-90-4017\n\n - The update to chromium 90.0.4430.212 fixes following\n issues: CVE-2021-30506, CVE-2021-30507, CVE-2021-30508,\n CVE-2021-30509, CVE-2021-30510, CVE-2021-30511,\n CVE-2021-30512, CVE-2021-30513, CVE-2021-30514,\n CVE-2021-30515, CVE-2021-30516, CVE-2021-30517,\n CVE-2021-30518, CVE-2021-30519, CVE-2021-30520\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30520\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.3\", reference:\"opera-76.0.4017.154-lp153.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opera\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-19T14:28:49", "description": "The version of Google Chrome installed on the remote Windows host is prior to 90.0.4430.212. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_05_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-12T00:00:00", "type": "nessus", "title": "Google Chrome < 90.0.4430.212 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520"], "modified": "2022-04-07T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_90_0_4430_212.NASL", "href": "https://www.tenable.com/plugins/nessus/149412", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149412);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/07\");\n\n script_cve_id(\n \"CVE-2021-30506\",\n \"CVE-2021-30507\",\n \"CVE-2021-30508\",\n \"CVE-2021-30509\",\n \"CVE-2021-30510\",\n \"CVE-2021-30511\",\n \"CVE-2021-30512\",\n \"CVE-2021-30513\",\n \"CVE-2021-30514\",\n \"CVE-2021-30515\",\n \"CVE-2021-30516\",\n \"CVE-2021-30517\",\n \"CVE-2021-30518\",\n \"CVE-2021-30519\",\n \"CVE-2021-30520\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0241-S\");\n\n script_name(english:\"Google Chrome < 90.0.4430.212 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 90.0.4430.212. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2021_05_stable-channel-update-for-desktop advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6e7dcca1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1180126\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1178202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1195340\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1196309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1197436\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1197875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1200019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1200490\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1200766\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1201073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1201446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1203122\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1203590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1194058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1193362\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 90.0.4430.212 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30520\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\ninstalls = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'90.0.4430.212', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-19T14:28:39", "description": "Chrome Releases reports :\n\nThis release contains 19 security fixes, including :\n\n- [1180126] High CVE-2021-30506: Incorrect security UI in Web App Installs. Reported by @retsew0x01 on 2021-02-19\n\n- [1178202] High CVE-2021-30507: Inappropriate implementation in Offline. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2021-02-14\n\n- [1195340] High CVE-2021-30508: Heap buffer overflow in Media Feeds.\nReported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-04-02\n\n- [1196309] High CVE-2021-30509: Out of bounds write in Tab Strip.\nReported by David Erceg on 2021-04-06\n\n- [1197436] High CVE-2021-30510: Race in Aura. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-04-09\n\n- [1197875] High CVE-2021-30511: Out of bounds read in Tab Groups.\nReported by David Erceg on 2021-04-10\n\n- [1200019] High CVE-2021-30512: Use after free in Notifications.\nReported by ZhanJia Song on 2021-04-17\n\n- [1200490] High CVE-2021-30513: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2021-04-19\n\n- [1200766] High CVE-2021-30514: Use after free in Autofill. Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-04-20\n\n- [1201073] High CVE-2021-30515: Use after free in File API. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-04-21\n\n- [1201446] High CVE-2021-30516: Heap buffer overflow in History.\nReported by ZhanJia Song on 2021-04-22\n\n- [1203122] High CVE-2021-30517: Type Confusion in V8. Reported by laural on 2021-04-27\n\n- [1203590] High CVE-2021-30518: Heap buffer overflow in Reader Mode.\nReported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2021-04-28\n\n- [1194058] Medium CVE-2021-30519: Use after free in Payments.\nReported by asnine on 2021-03-30\n\n- [1193362] Medium CVE-2021-30520: Use after free in Tab Strip.\nReported by Khalil Zhani on 2021-04-03", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-12T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (3cac007f-b27e-11eb-97a0-e09467587c17)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520"], "modified": "2021-06-11T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_3CAC007FB27E11EB97A0E09467587C17.NASL", "href": "https://www.tenable.com/plugins/nessus/149425", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(149425);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/11\");\n\n script_cve_id(\"CVE-2021-30506\", \"CVE-2021-30507\", \"CVE-2021-30508\", \"CVE-2021-30509\", \"CVE-2021-30510\", \"CVE-2021-30511\", \"CVE-2021-30512\", \"CVE-2021-30513\", \"CVE-2021-30514\", \"CVE-2021-30515\", \"CVE-2021-30516\", \"CVE-2021-30517\", \"CVE-2021-30518\", \"CVE-2021-30519\", \"CVE-2021-30520\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (3cac007f-b27e-11eb-97a0-e09467587c17)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Chrome Releases reports :\n\nThis release contains 19 security fixes, including :\n\n- [1180126] High CVE-2021-30506: Incorrect security UI in Web App\nInstalls. Reported by @retsew0x01 on 2021-02-19\n\n- [1178202] High CVE-2021-30507: Inappropriate implementation in\nOffline. Reported by Alison Huffman, Microsoft Browser Vulnerability\nResearch on 2021-02-14\n\n- [1195340] High CVE-2021-30508: Heap buffer overflow in Media Feeds.\nReported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-04-02\n\n- [1196309] High CVE-2021-30509: Out of bounds write in Tab Strip.\nReported by David Erceg on 2021-04-06\n\n- [1197436] High CVE-2021-30510: Race in Aura. Reported by Weipeng\nJiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on\n2021-04-09\n\n- [1197875] High CVE-2021-30511: Out of bounds read in Tab Groups.\nReported by David Erceg on 2021-04-10\n\n- [1200019] High CVE-2021-30512: Use after free in Notifications.\nReported by ZhanJia Song on 2021-04-17\n\n- [1200490] High CVE-2021-30513: Type Confusion in V8. Reported by Man\nYue Mo of GitHub Security Lab on 2021-04-19\n\n- [1200766] High CVE-2021-30514: Use after free in Autofill. Reported\nby koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha\nLab on 2021-04-20\n\n- [1201073] High CVE-2021-30515: Use after free in File API. Reported\nby Rong Jian and Guang Gong of 360 Alpha Lab on 2021-04-21\n\n- [1201446] High CVE-2021-30516: Heap buffer overflow in History.\nReported by ZhanJia Song on 2021-04-22\n\n- [1203122] High CVE-2021-30517: Type Confusion in V8. Reported by\nlaural on 2021-04-27\n\n- [1203590] High CVE-2021-30518: Heap buffer overflow in Reader Mode.\nReported by Jun Kokatsu, Microsoft Browser Vulnerability Research on\n2021-04-28\n\n- [1194058] Medium CVE-2021-30519: Use after free in Payments.\nReported by asnine on 2021-03-30\n\n- [1193362] Medium CVE-2021-30520: Use after free in Tab Strip.\nReported by Khalil Zhani on 2021-04-03\"\n );\n # https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6e7dcca1\"\n );\n # https://vuxml.freebsd.org/freebsd/3cac007f-b27e-11eb-97a0-e09467587c17.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?24c1bb62\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30520\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<90.0.4430.212\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-19T14:29:17", "description": "This update for chromium fixes the following issues :\n\nChromium 90.0.4430.212 (boo#1185908)\n\n - CVE-2021-30506: Incorrect security UI in Web App Installs\n\n - CVE-2021-30507: Inappropriate implementation in Offline\n\n - CVE-2021-30508: Heap buffer overflow in Media Feeds\n\n - CVE-2021-30509: Out of bounds write in Tab Strip\n\n - CVE-2021-30510: Race in Aura\n\n - CVE-2021-30511: Out of bounds read in Tab Group\n\n - CVE-2021-30512: Use after free in Notifications\n\n - CVE-2021-30513: Type Confusion in V8\n\n - CVE-2021-30514: Use after free in Autofill\n\n - CVE-2021-30515: Use after free in File API\n\n - CVE-2021-30516: Heap buffer overflow in History\n\n - CVE-2021-30517: Type Confusion in V8\n\n - CVE-2021-30518: Heap buffer overflow in Reader Mode\n\n - CVE-2021-30519: Use after free in Payments\n\n - CVE-2021-30520: Use after free in Tab Strip\n\n - FTP support disabled at runtime by default since release 88. Chromium 91 will remove support for ftp altogether (boo#1185496)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-18T00:00:00", "type": "nessus", "title": "openSUSE Security Update : chromium (openSUSE-2021-742)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520"], "modified": "2021-06-11T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-742.NASL", "href": "https://www.tenable.com/plugins/nessus/149600", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-742.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(149600);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/11\");\n\n script_cve_id(\"CVE-2021-30506\", \"CVE-2021-30507\", \"CVE-2021-30508\", \"CVE-2021-30509\", \"CVE-2021-30510\", \"CVE-2021-30511\", \"CVE-2021-30512\", \"CVE-2021-30513\", \"CVE-2021-30514\", \"CVE-2021-30515\", \"CVE-2021-30516\", \"CVE-2021-30517\", \"CVE-2021-30518\", \"CVE-2021-30519\", \"CVE-2021-30520\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2021-742)\");\n script_summary(english:\"Check for the openSUSE-2021-742 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for chromium fixes the following issues :\n\nChromium 90.0.4430.212 (boo#1185908)\n\n - CVE-2021-30506: Incorrect security UI in Web App\n Installs\n\n - CVE-2021-30507: Inappropriate implementation in Offline\n\n - CVE-2021-30508: Heap buffer overflow in Media Feeds\n\n - CVE-2021-30509: Out of bounds write in Tab Strip\n\n - CVE-2021-30510: Race in Aura\n\n - CVE-2021-30511: Out of bounds read in Tab Group\n\n - CVE-2021-30512: Use after free in Notifications\n\n - CVE-2021-30513: Type Confusion in V8\n\n - CVE-2021-30514: Use after free in Autofill\n\n - CVE-2021-30515: Use after free in File API\n\n - CVE-2021-30516: Heap buffer overflow in History\n\n - CVE-2021-30517: Type Confusion in V8\n\n - CVE-2021-30518: Heap buffer overflow in Reader Mode\n\n - CVE-2021-30519: Use after free in Payments\n\n - CVE-2021-30520: Use after free in Tab Strip\n\n - FTP support disabled at runtime by default since release\n 88. Chromium 91 will remove support for ftp altogether\n (boo#1185496)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1185496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1185716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1185908\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30520\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-90.0.4430.212-lp152.2.92.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-debuginfo-90.0.4430.212-lp152.2.92.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-90.0.4430.212-lp152.2.92.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-debuginfo-90.0.4430.212-lp152.2.92.1\", allowmaj:TRUE) ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-19T14:29:07", "description": "This update for chromium fixes the following issues :\n\n(This is a rerelease with aarch64 enabled.)\n\nChromium 90.0.4430.212 (boo#1185908)\n\n - CVE-2021-30506: Incorrect security UI in Web App Installs\n\n - CVE-2021-30507: Inappropriate implementation in Offline\n\n - CVE-2021-30508: Heap buffer overflow in Media Feeds\n\n - CVE-2021-30509: Out of bounds write in Tab Strip\n\n - CVE-2021-30510: Race in Aura\n\n - CVE-2021-30511: Out of bounds read in Tab Group\n\n - CVE-2021-30512: Use after free in Notifications\n\n - CVE-2021-30513: Type Confusion in V8\n\n - CVE-2021-30514: Use after free in Autofill\n\n - CVE-2021-30515: Use after free in File API\n\n - CVE-2021-30516: Heap buffer overflow in History\n\n - CVE-2021-30517: Type Confusion in V8\n\n - CVE-2021-30518: Heap buffer overflow in Reader Mode\n\n - CVE-2021-30519: Use after free in Payments\n\n - CVE-2021-30520: Use after free in Tab Strip\n\n - FTP support disabled at runtime by default since release 88. Chromium 91 will remove support for ftp altogether (boo#1185496)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : chromium (openSUSE-2021-762)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520"], "modified": "2021-06-11T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromedriver-debuginfo", "p-cpe:/a:novell:opensuse:chromium", "p-cpe:/a:novell:opensuse:chromium-debuginfo", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-762.NASL", "href": "https://www.tenable.com/plugins/nessus/149891", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-762.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(149891);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/11\");\n\n script_cve_id(\"CVE-2021-30506\", \"CVE-2021-30507\", \"CVE-2021-30508\", \"CVE-2021-30509\", \"CVE-2021-30510\", \"CVE-2021-30511\", \"CVE-2021-30512\", \"CVE-2021-30513\", \"CVE-2021-30514\", \"CVE-2021-30515\", \"CVE-2021-30516\", \"CVE-2021-30517\", \"CVE-2021-30518\", \"CVE-2021-30519\", \"CVE-2021-30520\");\n\n script_name(english:\"openSUSE Security Update : chromium (openSUSE-2021-762)\");\n script_summary(english:\"Check for the openSUSE-2021-762 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for chromium fixes the following issues :\n\n(This is a rerelease with aarch64 enabled.)\n\nChromium 90.0.4430.212 (boo#1185908)\n\n - CVE-2021-30506: Incorrect security UI in Web App\n Installs\n\n - CVE-2021-30507: Inappropriate implementation in Offline\n\n - CVE-2021-30508: Heap buffer overflow in Media Feeds\n\n - CVE-2021-30509: Out of bounds write in Tab Strip\n\n - CVE-2021-30510: Race in Aura\n\n - CVE-2021-30511: Out of bounds read in Tab Group\n\n - CVE-2021-30512: Use after free in Notifications\n\n - CVE-2021-30513: Type Confusion in V8\n\n - CVE-2021-30514: Use after free in Autofill\n\n - CVE-2021-30515: Use after free in File API\n\n - CVE-2021-30516: Heap buffer overflow in History\n\n - CVE-2021-30517: Type Confusion in V8\n\n - CVE-2021-30518: Heap buffer overflow in Reader Mode\n\n - CVE-2021-30519: Use after free in Payments\n\n - CVE-2021-30520: Use after free in Tab Strip\n\n - FTP support disabled at runtime by default since release\n 88. Chromium 91 will remove support for ftp altogether\n (boo#1185496)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1185496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1185716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1185908\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected chromium packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30520\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-90.0.4430.212-lp152.2.95.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromedriver-debuginfo-90.0.4430.212-lp152.2.95.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-90.0.4430.212-lp152.2.95.1\", allowmaj:TRUE) ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"chromium-debuginfo-90.0.4430.212-lp152.2.95.1\", allowmaj:TRUE) ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"chromedriver / chromedriver-debuginfo / chromium / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-19T14:29:29", "description": "This update for opera fixes the following issues :\n\nUpdate to version 76.0.4017.154\n\n - CHR-8420 Update chromium on desktop-stable-90-4017 to 90.0.4430.212\n\n - DNA-92411 Bookmarks breadcrumbs wrong color when pressed in dark mode\n\n - DNA-92587 Sync settings: “Use old password”\n button doesn’t work\n\n - DNA-92672 Make it possible for agent to inject scripts into startpage\n\n - DNA-92712 Add SD reload API\n\n - DNA-93190 The bookmark can’t be opened in Workspace 5-6\n\n - DNA-93247 Reopen last closed tab shortcut opens random tab on new window\n\n - DNA-93294 Binary diff for opera_browser.dll is not created on 32-bit builds\n\n - DNA-93313 Add opauto test to cover DNA-93190\n\n - DNA-93368 Fix an error in Polish translation\n\n - DNA-93408 [Windows] widevine_cdm_component_installer does not compile on desktop-stable-90-4017\n\n - The update to chromium 90.0.4430.212 fixes following issues: CVE-2021-30506, CVE-2021-30507, CVE-2021-30508, CVE-2021-30509, CVE-2021-30510, CVE-2021-30511, CVE-2021-30512, CVE-2021-30513, CVE-2021-30514, CVE-2021-30515, CVE-2021-30516, CVE-2021-30517, CVE-2021-30518, CVE-2021-30519, CVE-2021-30520\n\nUpdate to version 76.0.4017.123\n\n - DNA-91951 SkipAds click by default with Adblocker on Youtube\n\n - DNA-92293 [Mac] Crash at opera::BrowserWindowImpl::Cleanup()\n\n - DNA-92714 [Mac] Worskpace switching lags with lot of tabs\n\n - DNA-92847 DCHECK at tab_lifecycle_unit_source.cc:145\n\n - DNA-92860 [Windows] Fix issues when running buildsign script with Python 3\n\n - DNA-92879 Fix issues when running buildsign script with Python 3\n\n - DNA-92938 opera://activity/ page ignores workspaces\n\n - DNA-93015 [Player] Panel is too narrow\n\n - DNA-93044 Remove unnecessary question mark in Cashback string in Polish\n\n - DNA-93070 [Search Tabs] Selecting items with cursor keys skips over content matches\n\n - DNA-93122 Use input in builddiff.py\n\n - DNA-93175 Fix running repacking", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-04T00:00:00", "type": "nessus", "title": "openSUSE Security Update : opera (openSUSE-2021-829)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520"], "modified": "2021-06-11T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-829.NASL", "href": "https://www.tenable.com/plugins/nessus/150259", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-829.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150259);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/11\");\n\n script_cve_id(\"CVE-2021-30506\", \"CVE-2021-30507\", \"CVE-2021-30508\", \"CVE-2021-30509\", \"CVE-2021-30510\", \"CVE-2021-30511\", \"CVE-2021-30512\", \"CVE-2021-30513\", \"CVE-2021-30514\", \"CVE-2021-30515\", \"CVE-2021-30516\", \"CVE-2021-30517\", \"CVE-2021-30518\", \"CVE-2021-30519\", \"CVE-2021-30520\");\n\n script_name(english:\"openSUSE Security Update : opera (openSUSE-2021-829)\");\n script_summary(english:\"Check for the openSUSE-2021-829 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for opera fixes the following issues :\n\nUpdate to version 76.0.4017.154\n\n - CHR-8420 Update chromium on desktop-stable-90-4017 to\n 90.0.4430.212\n\n - DNA-92411 Bookmarks breadcrumbs wrong color when pressed\n in dark mode\n\n - DNA-92587 Sync settings: “Use old password”\n button doesn’t work\n\n - DNA-92672 Make it possible for agent to inject scripts\n into startpage\n\n - DNA-92712 Add SD reload API\n\n - DNA-93190 The bookmark can’t be opened in\n Workspace 5-6\n\n - DNA-93247 Reopen last closed tab shortcut opens random\n tab on new window\n\n - DNA-93294 Binary diff for opera_browser.dll is not\n created on 32-bit builds\n\n - DNA-93313 Add opauto test to cover DNA-93190\n\n - DNA-93368 Fix an error in Polish translation\n\n - DNA-93408 [Windows] widevine_cdm_component_installer\n does not compile on desktop-stable-90-4017\n\n - The update to chromium 90.0.4430.212 fixes following\n issues: CVE-2021-30506, CVE-2021-30507, CVE-2021-30508,\n CVE-2021-30509, CVE-2021-30510, CVE-2021-30511,\n CVE-2021-30512, CVE-2021-30513, CVE-2021-30514,\n CVE-2021-30515, CVE-2021-30516, CVE-2021-30517,\n CVE-2021-30518, CVE-2021-30519, CVE-2021-30520\n\nUpdate to version 76.0.4017.123\n\n - DNA-91951 SkipAds click by default with Adblocker on\n Youtube\n\n - DNA-92293 [Mac] Crash at\n opera::BrowserWindowImpl::Cleanup()\n\n - DNA-92714 [Mac] Worskpace switching lags with lot of\n tabs\n\n - DNA-92847 DCHECK at tab_lifecycle_unit_source.cc:145\n\n - DNA-92860 [Windows] Fix issues when running buildsign\n script with Python 3\n\n - DNA-92879 Fix issues when running buildsign script with\n Python 3\n\n - DNA-92938 opera://activity/ page ignores workspaces\n\n - DNA-93015 [Player] Panel is too narrow\n\n - DNA-93044 Remove unnecessary question mark in Cashback\n string in Polish\n\n - DNA-93070 [Search Tabs] Selecting items with cursor keys\n skips over content matches\n\n - DNA-93122 Use input in builddiff.py\n\n - DNA-93175 Fix running repacking\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30520\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"opera-76.0.4017.154-lp152.2.49.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"opera\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-18T14:24:26", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.37. It is, therefore, affected by multiple vulnerabilities as referenced in the May 27, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-02T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 91.0.864.37 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30521", "CVE-2021-30522", "CVE-2021-30523", "CVE-2021-30524", "CVE-2021-30525", "CVE-2021-30526", "CVE-2021-30527", "CVE-2021-30528", "CVE-2021-30529", "CVE-2021-30530", "CVE-2021-30531", "CVE-2021-30532", "CVE-2021-30533", "CVE-2021-30534", "CVE-2021-30535", "CVE-2021-30536", "CVE-2021-30537", "CVE-2021-30538", "CVE-2021-30539", "CVE-2021-30540", "CVE-2021-31937", "CVE-2021-31982"], "modified": "2022-06-27T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_91_0_864_37.NASL", "href": "https://www.tenable.com/plugins/nessus/150138", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150138);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/27\");\n\n script_cve_id(\n \"CVE-2021-30521\",\n \"CVE-2021-30522\",\n \"CVE-2021-30523\",\n \"CVE-2021-30524\",\n \"CVE-2021-30525\",\n \"CVE-2021-30526\",\n \"CVE-2021-30527\",\n \"CVE-2021-30528\",\n \"CVE-2021-30529\",\n \"CVE-2021-30530\",\n \"CVE-2021-30531\",\n \"CVE-2021-30532\",\n \"CVE-2021-30533\",\n \"CVE-2021-30534\",\n \"CVE-2021-30535\",\n \"CVE-2021-30536\",\n \"CVE-2021-30537\",\n \"CVE-2021-30538\",\n \"CVE-2021-30539\",\n \"CVE-2021-30540\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/07/18\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 91.0.864.37 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.37. It is, therefore, affected\nby multiple vulnerabilities as referenced in the May 27, 2021 advisory. Note that Nessus has not tested for this issue\nbut has instead relied only on the application's self-reported version number.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#may-27-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0c14a42a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30521\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30522\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30523\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30524\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30525\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30526\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30527\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30530\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30531\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30532\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30533\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31937\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31982\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 91.0.864.37 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30535\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nconstraints = [\n { 'fixed_version' : '91.0.864.37' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-04T14:45:17", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:0949-1 advisory.\n\n - Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30544)\n\n - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30545)\n\n - Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30546)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\n - Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30548)\n\n - Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30549)\n\n - Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30550)\n\n - Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30551)\n\n - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30552)\n\n - Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30553)\n\n - Use after free in WebGL. (CVE-2021-30554)\n\n - Use after free in Sharing. (CVE-2021-30555)\n\n - Use after free in WebAudio. (CVE-2021-30556)\n\n - Use after free in TabGroups. (CVE-2021-30557)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-02T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : opera (openSUSE-SU-2021:0949-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553", "CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2022-01-18T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:opera", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-949.NASL", "href": "https://www.tenable.com/plugins/nessus/151278", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:0949-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151278);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/18\");\n\n script_cve_id(\n \"CVE-2021-30544\",\n \"CVE-2021-30545\",\n \"CVE-2021-30546\",\n \"CVE-2021-30547\",\n \"CVE-2021-30548\",\n \"CVE-2021-30549\",\n \"CVE-2021-30550\",\n \"CVE-2021-30551\",\n \"CVE-2021-30552\",\n \"CVE-2021-30553\",\n \"CVE-2021-30554\",\n \"CVE-2021-30555\",\n \"CVE-2021-30556\",\n \"CVE-2021-30557\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE 15 Security Update : opera (openSUSE-SU-2021:0949-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:0949-1 advisory.\n\n - Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30544)\n\n - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30545)\n\n - Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30546)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\n - Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30548)\n\n - Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30549)\n\n - Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced\n a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30550)\n\n - Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30551)\n\n - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30552)\n\n - Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30553)\n\n - Use after free in WebGL. (CVE-2021-30554)\n\n - Use after free in Sharing. (CVE-2021-30555)\n\n - Use after free in WebAudio. (CVE-2021-30556)\n\n - Use after free in TabGroups. (CVE-2021-30557)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Y5YMAC6DXOAQQEUSMY36JS76YC35PAXY/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bf2e46c2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30546\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30551\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30554\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30557\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected opera package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30557\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:opera\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nos_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\npkgs = [\n {'reference':'opera-77.0.4054.146-lp152.2.52.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'opera');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-03T15:02:00", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:0938-1 advisory.\n\n - Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30544)\n\n - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30545)\n\n - Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30546)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\n - Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30548)\n\n - Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30549)\n\n - Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30550)\n\n - Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30551)\n\n - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30552)\n\n - Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30553)\n\n - Use after free in WebGL. (CVE-2021-30554)\n\n - Use after free in Sharing. (CVE-2021-30555)\n\n - Use after free in WebAudio. (CVE-2021-30556)\n\n - Use after free in TabGroups. (CVE-2021-30557)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-01T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2021:0938-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553", "CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2022-01-18T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-938.NASL", "href": "https://www.tenable.com/plugins/nessus/151198", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:0938-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151198);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/18\");\n\n script_cve_id(\n \"CVE-2021-30544\",\n \"CVE-2021-30545\",\n \"CVE-2021-30546\",\n \"CVE-2021-30547\",\n \"CVE-2021-30548\",\n \"CVE-2021-30549\",\n \"CVE-2021-30550\",\n \"CVE-2021-30551\",\n \"CVE-2021-30552\",\n \"CVE-2021-30553\",\n \"CVE-2021-30554\",\n \"CVE-2021-30555\",\n \"CVE-2021-30556\",\n \"CVE-2021-30557\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2021:0938-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:0938-1 advisory.\n\n - Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30544)\n\n - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30545)\n\n - Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30546)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\n - Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30548)\n\n - Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30549)\n\n - Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced\n a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30550)\n\n - Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30551)\n\n - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30552)\n\n - Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30553)\n\n - Use after free in WebGL. (CVE-2021-30554)\n\n - Use after free in Sharing. (CVE-2021-30555)\n\n - Use after free in WebAudio. (CVE-2021-30556)\n\n - Use after free in TabGroups. (CVE-2021-30557)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187481\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XFR7LUM6J45XO73B4GQD65J3TG3IDVJX/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dcce1bda\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30546\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30551\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30554\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30557\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30557\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nos_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\npkgs = [\n {'reference':'chromedriver-91.0.4472.114-bp153.2.13.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromedriver-91.0.4472.114-bp153.2.13.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-91.0.4472.114-bp153.2.13.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-91.0.4472.114-bp153.2.13.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-03T15:02:00", "description": "Chrome Releases reports :\n\nThis release contains 14 security fixes, including :\n\n- [1212618] Critical CVE-2021-30544: Use after free in BFCache.\nReported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-05-24\n\n- [1201031] High CVE-2021-30545: Use after free in Extensions.\nReported by kkwon with everpall and kkomdal on 2021-04-21\n\n- [1206911] High CVE-2021-30546: Use after free in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-05-08\n\n- [1210414] High CVE-2021-30547: Out of bounds write in ANGLE.\nReported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-05-18\n\n- [1210487] High CVE-2021-30548: Use after free in Loader. Reported by Yangkang(@dnpushme) & Wanglu of Qihoo360 Qex Team on 2021-05-18\n\n- [1212498] High CVE-2021-30549: Use after free in Spell check.\nReported by David Erceg on 2021-05-23\n\n- [1212500] High CVE-2021-30550: Use after free in Accessibility.\nReported by David Erceg on 2021-05-23\n\n- [1216437] High CVE-2021-30551: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2021-06-04\n\n- [1200679] Medium CVE-2021-30552: Use after free in Extensions.\nReported by David Erceg on 2021-04-20\n\n- [1209769] Medium CVE-2021-30553: Use after free in Network service.\nReported by Anonymous on 2021-05-17\n\nGoogle is aware that an exploit for CVE-2021-30551 exists in the wild.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-11T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (20b3ab21-c9df-11eb-8558-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_20B3AB21C9DF11EB85583065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/150702", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150702);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2021-30544\", \"CVE-2021-30545\", \"CVE-2021-30546\", \"CVE-2021-30547\", \"CVE-2021-30548\", \"CVE-2021-30549\", \"CVE-2021-30550\", \"CVE-2021-30551\", \"CVE-2021-30552\", \"CVE-2021-30553\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (20b3ab21-c9df-11eb-8558-3065ec8fd3ec)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Chrome Releases reports :\n\nThis release contains 14 security fixes, including :\n\n- [1212618] Critical CVE-2021-30544: Use after free in BFCache.\nReported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-05-24\n\n- [1201031] High CVE-2021-30545: Use after free in Extensions.\nReported by kkwon with everpall and kkomdal on 2021-04-21\n\n- [1206911] High CVE-2021-30546: Use after free in Autofill. Reported\nby Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on\n2021-05-08\n\n- [1210414] High CVE-2021-30547: Out of bounds write in ANGLE.\nReported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-05-18\n\n- [1210487] High CVE-2021-30548: Use after free in Loader. Reported by\nYangkang(@dnpushme) & Wanglu of Qihoo360 Qex Team on 2021-05-18\n\n- [1212498] High CVE-2021-30549: Use after free in Spell check.\nReported by David Erceg on 2021-05-23\n\n- [1212500] High CVE-2021-30550: Use after free in Accessibility.\nReported by David Erceg on 2021-05-23\n\n- [1216437] High CVE-2021-30551: Type Confusion in V8. Reported by\nSergei Glazunov of Google Project Zero on 2021-06-04\n\n- [1200679] Medium CVE-2021-30552: Use after free in Extensions.\nReported by David Erceg on 2021-04-20\n\n- [1209769] Medium CVE-2021-30553: Use after free in Network service.\nReported by Anonymous on 2021-05-17\n\nGoogle is aware that an exploit for CVE-2021-30551 exists in the wild.\"\n );\n # https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?30538e38\"\n );\n # https://vuxml.freebsd.org/freebsd/20b3ab21-c9df-11eb-8558-3065ec8fd3ec.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a5282014\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30553\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<91.0.4472.101\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-03T15:00:23", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.48. It is, therefore, affected by multiple vulnerabilities as referenced in the June 11, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-11T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 91.0.864.48 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_91_0_864_48.NASL", "href": "https://www.tenable.com/plugins/nessus/150721", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150721);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2021-30544\",\n \"CVE-2021-30545\",\n \"CVE-2021-30546\",\n \"CVE-2021-30547\",\n \"CVE-2021-30548\",\n \"CVE-2021-30549\",\n \"CVE-2021-30550\",\n \"CVE-2021-30551\",\n \"CVE-2021-30552\",\n \"CVE-2021-30553\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 91.0.864.48 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.48. It is, therefore, affected\nby multiple vulnerabilities as referenced in the June 11, 2021 advisory. Note that Nessus has not tested for this issue\nbut has instead relied only on the application's self-reported version number.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#june-11-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?294d93d8\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30546\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30551\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30553\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 91.0.864.48 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30553\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nconstraints = [\n { 'fixed_version' : '91.0.864.48' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-03T15:01:10", "description": "The version of Google Chrome installed on the remote macOS host is prior to 91.0.4472.101. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_06_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-09T00:00:00", "type": "nessus", "title": "Google Chrome < 91.0.4472.101 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_91_0_4472_101.NASL", "href": "https://www.tenable.com/plugins/nessus/150431", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150431);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2021-30544\",\n \"CVE-2021-30545\",\n \"CVE-2021-30546\",\n \"CVE-2021-30547\",\n \"CVE-2021-30548\",\n \"CVE-2021-30549\",\n \"CVE-2021-30550\",\n \"CVE-2021-30551\",\n \"CVE-2021-30552\",\n \"CVE-2021-30553\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Google Chrome < 91.0.4472.101 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 91.0.4472.101. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2021_06_stable-channel-update-for-desktop advisory. Note that Nessus has\nnot tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?30538e38\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1212618\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1201031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1206911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1210414\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1210487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1212498\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1212500\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1216437\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1200679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1209769\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 91.0.4472.101 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30553\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'91.0.4472.101', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-03T15:01:36", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:0881-1 advisory.\n\n - Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30544)\n\n - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30545)\n\n - Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30546)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\n - Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30548)\n\n - Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30549)\n\n - Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30550)\n\n - Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30551)\n\n - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30552)\n\n - Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30553)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-28T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2021:0881-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553"], "modified": "2022-01-18T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-881.NASL", "href": "https://www.tenable.com/plugins/nessus/151083", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:0881-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151083);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/18\");\n\n script_cve_id(\n \"CVE-2021-30544\",\n \"CVE-2021-30545\",\n \"CVE-2021-30546\",\n \"CVE-2021-30547\",\n \"CVE-2021-30548\",\n \"CVE-2021-30549\",\n \"CVE-2021-30550\",\n \"CVE-2021-30551\",\n \"CVE-2021-30552\",\n \"CVE-2021-30553\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2021:0881-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:0881-1 advisory.\n\n - Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30544)\n\n - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had\n compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30545)\n\n - Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30546)\n\n - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)\n\n - Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30548)\n\n - Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30549)\n\n - Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced\n a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30550)\n\n - Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (CVE-2021-30551)\n\n - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a\n user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.\n (CVE-2021-30552)\n\n - Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30553)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187141\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JKDHVVJH6V5YXSGWD7GDW62DQXQ22Y5E/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b685451f\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30546\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30550\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30551\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30553\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30553\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nos_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\npkgs = [\n {'reference':'chromedriver-91.0.4472.101-lp152.2.104.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-91.0.4472.101-lp152.2.104.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-03T15:00:48", "description": "The version of Google Chrome installed on the remote Windows host is prior to 91.0.4472.101. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_06_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-09T00:00:00", "type": "nessus", "title": "Google Chrome < 91.0.4472.101 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553"], "modified": "2022-04-07T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_91_0_4472_101.NASL", "href": "https://www.tenable.com/plugins/nessus/150430", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150430);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/07\");\n\n script_cve_id(\n \"CVE-2021-30544\",\n \"CVE-2021-30545\",\n \"CVE-2021-30546\",\n \"CVE-2021-30547\",\n \"CVE-2021-30548\",\n \"CVE-2021-30549\",\n \"CVE-2021-30550\",\n \"CVE-2021-30551\",\n \"CVE-2021-30552\",\n \"CVE-2021-30553\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Google Chrome < 91.0.4472.101 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 91.0.4472.101. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2021_06_stable-channel-update-for-desktop advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?30538e38\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1212618\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1201031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1206911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1210414\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1210487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1212498\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1212500\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1216437\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1200679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1209769\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 91.0.4472.101 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30553\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\ninstalls = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'91.0.4472.101', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:50:34", "description": "The version of Google Chrome installed on the remote Windows host is prior to 91.0.4472.114. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_06_stable-channel-update-for-desktop_17 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-17T00:00:00", "type": "nessus", "title": "Google Chrome < 91.0.4472.114 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_91_0_4472_114.NASL", "href": "https://www.tenable.com/plugins/nessus/150854", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150854);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2021-30554\",\n \"CVE-2021-30555\",\n \"CVE-2021-30556\",\n \"CVE-2021-30557\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Google Chrome < 91.0.4472.114 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 91.0.4472.114. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2021_06_stable-channel-update-for-desktop_17 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d4d03a3a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1219857\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1215029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1212599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1202102\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 91.0.4472.114 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30557\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\ninstalls = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'91.0.4472.114', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:50:35", "description": "Chrome Releases reports :\n\nThis release includes 4 security fixes, including :\n\n- [1219857] High CVE-2021-30554: Use after free in WebGL. Reported by anonymous on 2021-06-15\n\n- [1215029] High CVE-2021-30555: Use after free in Sharing. Reported by David Erceg on 2021-06-01\n\n- [1212599] High CVE-2021-30556: Use after free in WebAudio. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-24\n\n- [1202102] High CVE-2021-30557: Use after free in TabGroups. Reported by David Erceg on 2021-04-23", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-25T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (afdc7579-d023-11eb-bcad-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2022-01-25T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_AFDC7579D02311EBBCAD3065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/151005", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151005);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/25\");\n\n script_cve_id(\n \"CVE-2021-30554\",\n \"CVE-2021-30555\",\n \"CVE-2021-30556\",\n \"CVE-2021-30557\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (afdc7579-d023-11eb-bcad-3065ec8fd3ec)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Chrome Releases reports :\n\nThis release includes 4 security fixes, including :\n\n- [1219857] High CVE-2021-30554: Use after free in WebGL. Reported by\nanonymous on 2021-06-15\n\n- [1215029] High CVE-2021-30555: Use after free in Sharing. Reported\nby David Erceg on 2021-06-01\n\n- [1212599] High CVE-2021-30556: Use after free in WebAudio. Reported\nby Yangkang (@dnpushme) of 360 ATA on 2021-05-24\n\n- [1202102] High CVE-2021-30557: Use after free in TabGroups. Reported\nby David Erceg on 2021-04-23\");\n # https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d4d03a3a\");\n # https://vuxml.freebsd.org/freebsd/afdc7579-d023-11eb-bcad-3065ec8fd3ec.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?91d0cec7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30557\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"chromium<91.0.4472.114\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:50:40", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:0898-1 advisory.\n\n - Use after free in WebGL. (CVE-2021-30554)\n\n - Use after free in Sharing. (CVE-2021-30555)\n\n - Use after free in WebAudio. (CVE-2021-30556)\n\n - Use after free in TabGroups. (CVE-2021-30557)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-28T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : chromium (openSUSE-SU-2021:0898-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2022-01-18T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:chromedriver", "p-cpe:/a:novell:opensuse:chromium", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-898.NASL", "href": "https://www.tenable.com/plugins/nessus/151077", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:0898-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151077);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/18\");\n\n script_cve_id(\n \"CVE-2021-30554\",\n \"CVE-2021-30555\",\n \"CVE-2021-30556\",\n \"CVE-2021-30557\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"openSUSE 15 Security Update : chromium (openSUSE-SU-2021:0898-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:0898-1 advisory.\n\n - Use after free in WebGL. (CVE-2021-30554)\n\n - Use after free in Sharing. (CVE-2021-30555)\n\n - Use after free in WebAudio. (CVE-2021-30556)\n\n - Use after free in TabGroups. (CVE-2021-30557)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187481\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JRQS6E56EGURN6VSX6LRCTP5WHICGNXR/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?71199d94\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30554\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30557\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected chromedriver and / or chromium packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30557\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromedriver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nos_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\npkgs = [\n {'reference':'chromedriver-91.0.4472.114-lp152.2.107.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'chromium-91.0.4472.114-lp152.2.107.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:50:35", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.54. It is, therefore, affected by multiple vulnerabilities as referenced in the June 18, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-18T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 91.0.864.54 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2022-01-18T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_91_0_864_54.NASL", "href": "https://www.tenable.com/plugins/nessus/150868", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150868);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/18\");\n\n script_cve_id(\n \"CVE-2021-30554\",\n \"CVE-2021-30555\",\n \"CVE-2021-30556\",\n \"CVE-2021-30557\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 91.0.864.54 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.54. It is, therefore, affected\nby multiple vulnerabilities as referenced in the June 18, 2021 advisory. Note that Nessus has not tested for this issue\nbut has instead relied only on the application's self-reported version number.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#june-18-2021\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fe8ae1a6\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30554\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30557\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 91.0.864.54 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30557\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nconstraints = [\n { 'fixed_version' : '91.0.864.54' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:49:30", "description": "The version of Google Chrome installed on the remote macOS host is prior to 91.0.4472.114. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_06_stable-channel-update-for-desktop_17 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-17T00:00:00", "type": "nessus", "title": "Google Chrome < 91.0.4472.114 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2022-01-18T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_91_0_4472_114.NASL", "href": "https://www.tenable.com/plugins/nessus/150855", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150855);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/18\");\n\n script_cve_id(\n \"CVE-2021-30554\",\n \"CVE-2021-30555\",\n \"CVE-2021-30556\",\n \"CVE-2021-30557\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0293-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Google Chrome < 91.0.4472.114 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 91.0.4472.114. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2021_06_stable-channel-update-for-desktop_17 advisory. Note that Nessus\nhas not tested for this issue but has instead relied only on the application's self-reported version number.\");\n # https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d4d03a3a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1219857\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1215029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1212599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1202102\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 91.0.4472.114 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30557\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'91.0.4472.114', severity:SECURITY_WARNING, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-01T15:09:54", "description": "The remote Ubuntu 20.04 LTS / 21.04 host has packages installed that are affected by a vulnerability as referenced in the USN-5156-1 advisory.\n\n - Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30535)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-29T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 21.04 : ICU vulnerability (USN-5156-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30535"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:21.04", "p-cpe:/a:canonical:ubuntu_linux:icu-devtools", "p-cpe:/a:canonical:ubuntu_linux:libicu-dev", "p-cpe:/a:canonical:ubuntu_linux:libicu66", "p-cpe:/a:canonical:ubuntu_linux:libicu67"], "id": "UBUNTU_USN-5156-1.NASL", "href": "https://www.tenable.com/plugins/nessus/155722", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5156-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155722);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2021-30535\");\n script_xref(name:\"USN\", value:\"5156-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0253-S\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 21.04 : ICU vulnerability (USN-5156-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 21.04 host has packages installed that are affected by a vulnerability as referenced in\nthe USN-5156-1 advisory.\n\n - Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit\n heap corruption via a crafted HTML page. (CVE-2021-30535)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5156-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-30535\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:21.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icu-devtools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libicu-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libicu66\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libicu67\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(20\\.04|21\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 21.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'icu-devtools', 'pkgver': '66.1-2ubuntu2.1'},\n {'osver': '20.04', 'pkgname': 'libicu-dev', 'pkgver': '66.1-2ubuntu2.1'},\n {'osver': '20.04', 'pkgname': 'libicu66', 'pkgver': '66.1-2ubuntu2.1'},\n {'osver': '21.04', 'pkgname': 'icu-devtools', 'pkgver': '67.1-6ubuntu2.1'},\n {'osver': '21.04', 'pkgname': 'libicu-dev', 'pkgver': '67.1-6ubuntu2.1'},\n {'osver': '21.04', 'pkgname': 'libicu67', 'pkgver': '67.1-6ubuntu2.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'icu-devtools / libicu-dev / libicu66 / libicu67');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:30", "description": "\n\nChrome Releases reports:\n\nThis release contains 32 security fixes, including:\n\n[1208721] High CVE-2021-30521: Heap buffer overflow in Autofill.\n\t Reported by ZhanJia Song on 2021-05-13\n[1176218] High CVE-2021-30522: Use after free in WebAudio.\n\t Reported by Piotr Bania of Cisco Talos on 2021-02-09\n[1187797] High CVE-2021-30523: Use after free in WebRTC.\n\t Reported by Tolyan Korniltsev on 2021-03-13\n[1197146] High CVE-2021-30524: Use after free in TabStrip.\n\t Reported by David Erceg on 2021-04-08\n[1197888] High CVE-2021-30525: Use after free in TabGroups.\n\t Reported by David Erceg on 2021-04-11\n[1198717] High CVE-2021-30526: Out of bounds write in\n\t TabStrip. Reported by David Erceg on 2021-04-13\n[1199198] High CVE-2021-30527: Use after free in WebUI.\n\t Reported by David Erceg on 2021-04-15\n[1206329] High CVE-2021-30528: Use after free in\n\t WebAuthentication. Reported by Man Yue Mo of GitHub Security Lab on\n\t 2021-05-06\n[1195278] Medium CVE-2021-30529: Use after free in Bookmarks.\n\t Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of\n\t 360 Alpha Lab on 2021-04-02\n[1201033] Medium CVE-2021-30530: Out of bounds memory access\n\t in WebAudio. Reported by kkwon on 2021-04-21\n[1115628] Medium CVE-2021-30531: Insufficient policy\n\t enforcement in Content Security Policy. Reported by Philip Papurt on\n\t 2020-08-12\n[1117687] Medium CVE-2021-30532: Insufficient policy\n\t enforcement in Content Security Policy. Reported by Philip Papurt on\n\t 2020-08-18\n[1145553] Medium CVE-2021-30533: Insufficient policy\n\t enforcement in PopupBlocker. Reported by Eliya Stein on\n\t 2020-11-04\n[1151507] Medium CVE-2021-30534: Insufficient policy\n\t enforcement in iFrameSandbox. Reported by Alesandro Ortiz on\n\t 2020-11-20\n[1194899] Medium CVE-2021-30535: Double free in ICU. Reported\n\t by nocma, leogan, cheneyxu of WeChat Open Platform Security Team on\n\t 2021-04-01\n[1145024] Medium CVE-2021-21212: Insufficient data validation\n\t in networking. Reported by Hugo Hue and Sze Yiu Chau of the Chinese\n\t University of Hong Kong on 2020-11-03\n[1194358] Low CVE-2021-30536: Out of bounds read in V8.\n\t Reported by Chris Salls (@salls) on 2021-03-31\n[830101] Low CVE-2021-30537: Insufficient policy enforcement\n\t in cookies. Reported by Jun Kokatsu (@shhnjk) on 2018-04-06\n[1115045] Low CVE-2021-30538: Insufficient policy enforcement\n\t in content security policy. Reported by Tianze Ding (@D1iv3) of\n\t Tencent Security Xuanwu Lab on 2020-08-11\n[971231] Low CVE-2021-30539: Insufficient policy enforcement\n\t in content security policy. Reported by unnamed researcher on\n\t 2019-06-05\n[1184147] Low CVE-2021-30540: Incorrect security UI in\n\t payments. Reported by @retsew0x01 on 2021-03-03\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-25T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21212", "CVE-2021-30521", "CVE-2021-30522", "CVE-2021-30523", "CVE-2021-30524", "CVE-2021-30525", "CVE-2021-30526", "CVE-2021-30527", "CVE-2021-30528", "CVE-2021-30529", "CVE-2021-30530", "CVE-2021-30531", "CVE-2021-30532", "CVE-2021-30533", "CVE-2021-30534", "CVE-2021-30535", "CVE-2021-30536", "CVE-2021-30537", "CVE-2021-30538", "CVE-2021-30539", "CVE-2021-30540"], "modified": "2021-05-25T00:00:00", "id": "674ED047-BE0A-11EB-B927-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/674ed047-be0a-11eb-b927-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-19T15:51:30", "description": "\n\nChrome Releases reports:\n\nThis release contains 19 security fixes, including:\n\n[1180126] High CVE-2021-30506: Incorrect security UI in Web App\n\t Installs. Reported by @retsew0x01 on 2021-02-19\n[1178202] High CVE-2021-30507: Inappropriate implementation in\n\t Offline. Reported by Alison Huffman, Microsoft Browser\n\t Vulnerability Research on 2021-02-14\n[1195340] High CVE-2021-30508: Heap buffer overflow in Media\n\t Feeds. Reported by Leecraso and Guang Gong of 360 Alpha Lab on\n\t 2021-04-02\n[1196309] High CVE-2021-30509: Out of bounds write in Tab Strip.\n\t Reported by David Erceg on 2021-04-06\n[1197436] High CVE-2021-30510: Race in Aura. Reported by Weipeng\n\t Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group\n\t on 2021-04-09\n[1197875] High CVE-2021-30511: Out of bounds read in Tab Groups.\n\t Reported by David Erceg on 2021-04-10\n[1200019] High CVE-2021-30512: Use after free in Notifications.\n\t Reported by ZhanJia Song on 2021-04-17\n[1200490] High CVE-2021-30513: Type Confusion in V8. Reported by\n\t Man Yue Mo of GitHub Security Lab on 2021-04-19\n[1200766] High CVE-2021-30514: Use after free in Autofill.\n\t Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of\n\t 360 Alpha Lab on 2021-04-20\n[1201073] High CVE-2021-30515: Use after free in File API.\n\t Reported by Rong Jian and Guang Gong of 360 Alpha Lab on\n\t 2021-04-21\n[1201446] High CVE-2021-30516: Heap buffer overflow in History.\n\t Reported by ZhanJia Song on 2021-04-22\n[1203122] High CVE-2021-30517: Type Confusion in V8. Reported by\n\t laural on 2021-04-27\n[1203590] High CVE-2021-30518: Heap buffer overflow in Reader\n\t Mode. Reported by Jun Kokatsu, Microsoft Browser Vulnerability\n\t Research on 2021-04-28\n[1194058] Medium CVE-2021-30519: Use after free in Payments.\n\t Reported by asnine on 2021-03-30\n[1193362] Medium CVE-2021-30520: Use after free in Tab Strip.\n\t Reported by Khalil Zhani on 2021-04-03\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-10T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520"], "modified": "2021-05-10T00:00:00", "id": "3CAC007F-B27E-11EB-97A0-E09467587C17", "href": "https://vuxml.freebsd.org/freebsd/3cac007f-b27e-11eb-97a0-e09467587c17.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-19T15:51:30", "description": "\n\nChrome Releases reports:\n\nThis release contains 14 security fixes, including:\n\n[1212618] Critical CVE-2021-30544: Use after free in BFCache.\n\t Reported by Rong Jian and Guang Gong of 360 Alpha Lab on\n\t 2021-05-24\n[1201031] High CVE-2021-30545: Use after free in Extensions.\n\t Reported by kkwon with everpall and kkomdal on 2021-04-21\n[1206911] High CVE-2021-30546: Use after free in Autofill.\n\t Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability\n\t Research on 2021-05-08\n[1210414] High CVE-2021-30547: Out of bounds write in ANGLE.\n\t Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on\n\t 2021-05-18\n[1210487] High CVE-2021-30548: Use after free in Loader.\n\t Reported by Yangkang(@dnpushme) & Wanglu of Qihoo360 Qex Team\n\t on 2021-05-18\n[1212498] High CVE-2021-30549: Use after free in Spell check.\n\t Reported by David Erceg on 2021-05-23\n[1212500] High CVE-2021-30550: Use after free in Accessibility.\n\t Reported by David Erceg on 2021-05-23\n[1216437] High CVE-2021-30551: Type Confusion in V8. Reported by\n\t Sergei Glazunov of Google Project Zero on 2021-06-04\n[1200679] Medium CVE-2021-30552: Use after free in Extensions.\n\t Reported by David Erceg on 2021-04-20\n[1209769] Medium CVE-2021-30553: Use after free in Network\n\t service. Reported by Anonymous on 2021-05-17\n\nGoogle is aware that an exploit for CVE-2021-30551 exists in the\n\t wild.\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-10T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553"], "modified": "2021-06-10T00:00:00", "id": "20B3AB21-C9DF-11EB-8558-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/20b3ab21-c9df-11eb-8558-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-19T15:51:30", "description": "\n\nChrome Releases reports:\n\nThis release includes 4 security fixes, including:\n\n[1219857] High CVE-2021-30554: Use after free in WebGL. Reported\n\t by anonymous on 2021-06-15\n[1215029] High CVE-2021-30555: Use after free in Sharing.\n\t Reported by David Erceg on 2021-06-01\n[1212599] High CVE-2021-30556: Use after free in WebAudio.\n\t Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-24\n[1202102] High CVE-2021-30557: Use after free in TabGroups.\n\t Reported by David Erceg on 2021-04-23\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-17T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2021-06-17T00:00:00", "id": "AFDC7579-D023-11EB-BCAD-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/afdc7579-d023-11eb-bcad-3065ec8fd3ec.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2021-07-28T14:33:54", "description": "Arch Linux Security Advisory ASA-202106-2\n=========================================\n\nSeverity: High\nDate : 2021-06-01\nCVE-ID : CVE-2021-30521 CVE-2021-30522 CVE-2021-30523 CVE-2021-30524\nCVE-2021-30525 CVE-2021-30526 CVE-2021-30527 CVE-2021-30528\nCVE-2021-30529 CVE-2021-30530 CVE-2021-30531 CVE-2021-30532\nCVE-2021-30533 CVE-2021-30534 CVE-2021-30535 CVE-2021-30536\nCVE-2021-30537 CVE-2021-30538 CVE-2021-30539 CVE-2021-30540\nPackage : chromium\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1990\n\nSummary\n=======\n\nThe package chromium before version 91.0.4472.77-1 is vulnerable to\nmultiple issues including arbitrary code execution, information\ndisclosure, insufficient validation and content spoofing.\n\nResolution\n==========\n\nUpgrade to 91.0.4472.77-1.\n\n# pacman -Syu \"chromium>=91.0.4472.77-1\"\n\nThe problems have been fixed upstream in version 91.0.4472.77.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-30521 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the Autofill\ncomponent of the Chromium browser before version 91.0.4472.77.\n\n- CVE-2021-30522 (arbitrary code execution)\n\nA use after free security issue has been found in the WebAudio\ncomponent of the Chromium browser before version 91.0.4472.77.\n\n- CVE-2021-30523 (arbitrary code execution)\n\nA use after free security issue has been found in the WebRTC component\nof the Chromium browser before version 91.0.4472.77.\n\n- CVE-2021-30524 (arbitrary code execution)\n\nA use after free security issue has been found in the TabStrip\ncomponent of the Chromium browser before version 91.0.4472.77.\n\n- CVE-2021-30525 (arbitrary code execution)\n\nA use after free security issue has been found in the TabGroups\ncomponent of the Chromium browser before version 91.0.4472.77.\n\n- CVE-2021-30526 (arbitrary code execution)\n\nAn out of bounds write security issue has been found in the TabStrip\ncomponent of the Chromium browser before version 91.0.4472.77.\n\n- CVE-2021-30527 (arbitrary code execution)\n\nA use after free security issue has been found in the WebUI component\nof the Chromium browser before version 91.0.4472.77.\n\n- CVE-2021-30528 (arbitrary code execution)\n\nA use after free security issue has been found in the WebAuthentication\ncomponent of the Chromium browser before version 91.0.4472.77.\n\n- CVE-2021-30529 (arbitrary code execution)\n\nA use after free security issue has been found in the Bookmarks\ncomponent of the Chromium browser before version 91.0.4472.77.\n\n- CVE-2021-30530 (information disclosure)\n\nAn out of bounds memory access security issue has been found in the\nWebAudio component of the Chromium browser before version 91.0.4472.77.\n\n- CVE-2021-30531 (insufficient validation)\n\nAn insufficient policy enforcement security issue has been found in the\nContent Security Policy component of the Chromium browser before\nversion 91.0.4472.77.\n\n- CVE-2021-30532 (insufficient validation)\n\nAn insufficient policy enforcement security issue has been found in the\nContent Security Policy component of the Chromium browser before\nversion 91.0.4472.77.\n\n- CVE-2021-30533 (insufficient validation)\n\nAn insufficient policy enforcement security issue has been found in the\nPopupBlocker component of the Chromium browser before version\n91.0.4472.77.\n\n- CVE-2021-30534 (insufficient validation)\n\nAn insufficient policy enforcement security issue has been found in the\niFrameSandbox component of the Chromium browser before version\n91.0.4472.77.\n\n- CVE-2021-30535 (arbitrary code execution)\n\nA double free security issue has been found in the ICU component of the\nChromium browser before version 91.0.4472.77.\n\n- CVE-2021-30536 (information disclosure)\n\nAn out of bounds read security issue has been found in the V8 component\nof the Chromium browser before version 91.0.4472.77.\n\n- CVE-2021-30537 (insufficient validation)\n\nAn insufficient policy enforcement security issue has been found in the\ncookies component of the Chromium browser before version 91.0.4472.77.\n\n- CVE-2021-30538 (insufficient validation)\n\nAn insufficient policy enforcement security issue has been found in the\ncontent security policy component of the Chromium browser before\nversion 91.0.4472.77.\n\n- CVE-2021-30539 (insufficient validation)\n\nAn insufficient policy enforcement security issue has been found in the\ncontent security policy component of the Chromium browser before\nversion 91.0.4472.77.\n\n- CVE-2021-30540 (content spoofing)\n\nAn incorrect security UI security issue has been found in the payments\ncomponent of the Chromium browser before version 91.0.4472.77.\n\nImpact\n======\n\nA remote attacker could spoof content, disclose sensitive information,\nor execute arbitrary code through crafted web pages.\n\nReferences\n==========\n\nhttps://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html\nhttps://crbug.com/1208721\nhttps://crbug.com/1176218\nhttps://crbug.com/1187797\nhttps://crbug.com/1197146\nhttps://crbug.com/1197888\nhttps://crbug.com/1198717\nhttps://crbug.com/1199198\nhttps://crbug.com/1206329\nhttps://crbug.com/1195278\nhttps://crbug.com/1201033\nhttps://crbug.com/1115628\nhttps://crbug.com/1117687\nhttps://crbug.com/1145553\nhttps://crbug.com/1151507\nhttps://crbug.com/1194899\nhttps://crbug.com/1194358\nhttps://crbug.com/830101\nhttps://crbug.com/1115045\nhttps://crbug.com/971231\nhttps://crbug.com/1184147\nhttps://security.archlinux.org/CVE-2021-30521\nhttps://security.archlinux.org/CVE-2021-30522\nhttps://security.archlinux.org/CVE-2021-30523\nhttps://security.archlinux.org/CVE-2021-30524\nhttps://security.archlinux.org/CVE-2021-30525\nhttps://security.archlinux.org/CVE-2021-30526\nhttps://security.archlinux.org/CVE-2021-30527\nhttps://security.archlinux.org/CVE-2021-30528\nhttps://security.archlinux.org/CVE-2021-30529\nhttps://security.archlinux.org/CVE-2021-30530\nhttps://security.archlinux.org/CVE-2021-30531\nhttps://security.archlinux.org/CVE-2021-30532\nhttps://security.archlinux.org/CVE-2021-30533\nhttps://security.archlinux.org/CVE-2021-30534\nhttps://security.archlinux.org/CVE-2021-30535\nhttps://security.archlinux.org/CVE-2021-30536\nhttps://security.archlinux.org/CVE-2021-30537\nhttps://security.archlinux.org/CVE-2021-30538\nhttps://security.archlinux.org/CVE-2021-30539\nhttps://security.archlinux.org/CVE-2021-30540", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-01T00:00:00", "type": "archlinux", "title": "[ASA-202106-2] chromium: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30521", "CVE-2021-30522", "CVE-2021-30523", "CVE-2021-30524", "CVE-2021-30525", "CVE-2021-30526", "CVE-2021-30527", "CVE-2021-30528", "CVE-2021-30529", "CVE-2021-30530", "CVE-2021-30531", "CVE-2021-30532", "CVE-2021-30533", "CVE-2021-30534", "CVE-2021-30535", "CVE-2021-30536", "CVE-2021-30537", "CVE-2021-30538", "CVE-2021-30539", "CVE-2021-30540"], "modified": "2021-06-01T00:00:00", "id": "ASA-202106-2", "href": "https://security.archlinux.org/ASA-202106-2", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:33:54", "description": "Arch Linux Security Advisory ASA-202106-1\n=========================================\n\nSeverity: High\nDate : 2021-06-01\nCVE-ID : CVE-2021-30506 CVE-2021-30507 CVE-2021-30508 CVE-2021-30509\nCVE-2021-30510 CVE-2021-30511 CVE-2021-30512 CVE-2021-30513\nCVE-2021-30514 CVE-2021-30515 CVE-2021-30516 CVE-2021-30517\nCVE-2021-30518 CVE-2021-30519 CVE-2021-30520\nPackage : opera\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1938\n\nSummary\n=======\n\nThe package opera before version 76.0.4017.154-1 is vulnerable to\nmultiple issues including arbitrary code execution, content spoofing,\nincorrect calculation and information disclosure.\n\nResolution\n==========\n\nUpgrade to 76.0.4017.154-1.\n\n# pacman -Syu \"opera>=76.0.4017.154-1\"\n\nThe problems have been fixed upstream in version 76.0.4017.154.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-30506 (content spoofing)\n\nAn incorrect security UI security issue has been found in the Web App\nInstalls component of the Chromium browser before version\n90.0.4430.212.\n\n- CVE-2021-30507 (incorrect calculation)\n\nAn inappropriate implementation security issue has been found in the\nOffline component of the Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30508 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the Media Feeds\ncomponent of the Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30509 (arbitrary code execution)\n\nAn out of bounds write security issue has been found in the Tab Strip\ncomponent of the Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30510 (arbitrary code execution)\n\nA race condition security issue has been found in the Aura component of\nthe Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30511 (information disclosure)\n\nAn out of bounds read security issue has been found in the Tab Groups\ncomponent of the Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30512 (arbitrary code execution)\n\nA use after free security issue has been found in the Notifications\ncomponent of the Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30513 (incorrect calculation)\n\nA type confusion security issue has been found in the V8 component of\nthe Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30514 (arbitrary code execution)\n\nA use after free security issue has been found in the Autofill\ncomponent of the Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30515 (arbitrary code execution)\n\nA use after free security issue has been found in the File API\ncomponent of the Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30516 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the History\ncomponent of the Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30517 (incorrect calculation)\n\nA type confusion security issue has been found in the V8 component of\nthe Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30518 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the Reader Mode\ncomponent of the Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30519 (arbitrary code execution)\n\nA use after free security issue has been found in the Payments\ncomponent of the Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30520 (arbitrary code execution)\n\nA use after free security issue has been found in the Tab Strip\ncomponent of the Chromium browser before version 90.0.4430.212.\n\nImpact\n======\n\nA remote attacker could spoof content, disclose sensitive information,\nor execute arbitrary code through crafted web pages.\n\nReferences\n==========\n\nhttps://blogs.opera.com/desktop/changelog-for-76/\nhttps://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html\nhttps://crbug.com/1180126\nhttps://crbug.com/1178202\nhttps://crbug.com/1195340\nhttps://crbug.com/1196309\nhttps://crbug.com/1197436\nhttps://crbug.com/1197875\nhttps://crbug.com/1200019\nhttps://crbug.com/1200490\nhttps://crbug.com/1200766\nhttps://crbug.com/1201073\nhttps://crbug.com/1201446\nhttps://crbug.com/1203122\nhttps://crbug.com/1203590\nhttps://crbug.com/1194058\nhttps://crbug.com/1193362\nhttps://security.archlinux.org/CVE-2021-30506\nhttps://security.archlinux.org/CVE-2021-30507\nhttps://security.archlinux.org/CVE-2021-30508\nhttps://security.archlinux.org/CVE-2021-30509\nhttps://security.archlinux.org/CVE-2021-30510\nhttps://security.archlinux.org/CVE-2021-30511\nhttps://security.archlinux.org/CVE-2021-30512\nhttps://security.archlinux.org/CVE-2021-30513\nhttps://security.archlinux.org/CVE-2021-30514\nhttps://security.archlinux.org/CVE-2021-30515\nhttps://security.archlinux.org/CVE-2021-30516\nhttps://security.archlinux.org/CVE-2021-30517\nhttps://security.archlinux.org/CVE-2021-30518\nhttps://security.archlinux.org/CVE-2021-30519\nhttps://security.archlinux.org/CVE-2021-30520", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-01T00:00:00", "type": "archlinux", "title": "[ASA-202106-1] opera: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520"], "modified": "2021-06-01T00:00:00", "id": "ASA-202106-1", "href": "https://security.archlinux.org/ASA-202106-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:33:55", "description": "Arch Linux Security Advisory ASA-202105-8\n=========================================\n\nSeverity: High\nDate : 2021-05-19\nCVE-ID : CVE-2021-30506 CVE-2021-30507 CVE-2021-30508 CVE-2021-30509\nCVE-2021-30510 CVE-2021-30511 CVE-2021-30512 CVE-2021-30513\nCVE-2021-30514 CVE-2021-30515 CVE-2021-30516 CVE-2021-30517\nCVE-2021-30518 CVE-2021-30519 CVE-2021-30520\nPackage : vivaldi\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1937\n\nSummary\n=======\n\nThe package vivaldi before version 3.8.2259.42-1 is vulnerable to\nmultiple issues including arbitrary code execution, content spoofing,\nincorrect calculation and information disclosure.\n\nResolution\n==========\n\nUpgrade to 3.8.2259.42-1.\n\n# pacman -Syu \"vivaldi>=3.8.2259.42-1\"\n\nThe problems have been fixed upstream in version 3.8.2259.42.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-30506 (content spoofing)\n\nAn incorrect security UI security issue has been found in the Web App\nInstalls component of the Chromium browser before version\n90.0.4430.212.\n\n- CVE-2021-30507 (incorrect calculation)\n\nAn inappropriate implementation security issue has been found in the\nOffline component of the Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30508 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the Media Feeds\ncomponent of the Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30509 (arbitrary code execution)\n\nAn out of bounds write security issue has been found in the Tab Strip\ncomponent of the Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30510 (arbitrary code execution)\n\nA race condition security issue has been found in the Aura component of\nthe Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30511 (information disclosure)\n\nAn out of bounds read security issue has been found in the Tab Groups\ncomponent of the Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30512 (arbitrary code execution)\n\nA use after free security issue has been found in the Notifications\ncomponent of the Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30513 (incorrect calculation)\n\nA type confusion security issue has been found in the V8 component of\nthe Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30514 (arbitrary code execution)\n\nA use after free security issue has been found in the Autofill\ncomponent of the Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30515 (arbitrary code execution)\n\nA use after free security issue has been found in the File API\ncomponent of the Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30516 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the History\ncomponent of the Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30517 (incorrect calculation)\n\nA type confusion security issue has been found in the V8 component of\nthe Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30518 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the Reader Mode\ncomponent of the Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30519 (arbitrary code execution)\n\nA use after free security issue has been found in the Payments\ncomponent of the Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30520 (arbitrary code execution)\n\nA use after free security issue has been found in the Tab Strip\ncomponent of the Chromium browser before version 90.0.4430.212.\n\nImpact\n======\n\nA remote attacker could spoof content, disclose sensitive information,\nor execute arbitrary code through crafted web pages.\n\nReferences\n==========\n\nhttps://vivaldi.com/blog/new-vivaldi-on-android-language-switcher-blocks-cookies-dialogs/\nhttps://vivaldi.com/blog/desktop/minor-update-for-vivaldi-desktop-browser-3-8/\nhttps://vivaldi.com/blog/desktop/minor-update-2-for-vivaldi-desktop-browser-3-8/\nhttps://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html\nhttps://crbug.com/1180126\nhttps://crbug.com/1178202\nhttps://crbug.com/1195340\nhttps://crbug.com/1196309\nhttps://crbug.com/1197436\nhttps://crbug.com/1197875\nhttps://crbug.com/1200019\nhttps://crbug.com/1200490\nhttps://crbug.com/1200766\nhttps://crbug.com/1201073\nhttps://crbug.com/1201446\nhttps://crbug.com/1203122\nhttps://crbug.com/1203590\nhttps://crbug.com/1194058\nhttps://crbug.com/1193362\nhttps://security.archlinux.org/CVE-2021-30506\nhttps://security.archlinux.org/CVE-2021-30507\nhttps://security.archlinux.org/CVE-2021-30508\nhttps://security.archlinux.org/CVE-2021-30509\nhttps://security.archlinux.org/CVE-2021-30510\nhttps://security.archlinux.org/CVE-2021-30511\nhttps://security.archlinux.org/CVE-2021-30512\nhttps://security.archlinux.org/CVE-2021-30513\nhttps://security.archlinux.org/CVE-2021-30514\nhttps://security.archlinux.org/CVE-2021-30515\nhttps://security.archlinux.org/CVE-2021-30516\nhttps://security.archlinux.org/CVE-2021-30517\nhttps://security.archlinux.org/CVE-2021-30518\nhttps://security.archlinux.org/CVE-2021-30519\nhttps://security.archlinux.org/CVE-2021-30520", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-19T00:00:00", "type": "archlinux", "title": "[ASA-202105-8] vivaldi: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520"], "modified": "2021-05-19T00:00:00", "id": "ASA-202105-8", "href": "https://security.archlinux.org/ASA-202105-8", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:33:54", "description": "Arch Linux Security Advisory ASA-202105-7\n=========================================\n\nSeverity: High\nDate : 2021-05-19\nCVE-ID : CVE-2021-30506 CVE-2021-30507 CVE-2021-30508 CVE-2021-30509\nCVE-2021-30510 CVE-2021-30511 CVE-2021-30512 CVE-2021-30513\nCVE-2021-30514 CVE-2021-30515 CVE-2021-30516 CVE-2021-30517\nCVE-2021-30518 CVE-2021-30519 CVE-2021-30520\nPackage : chromium\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1936\n\nSummary\n=======\n\nThe package chromium before version 90.0.4430.212-1 is vulnerable to\nmultiple issues including arbitrary code execution, content spoofing,\nincorrect calculation and information disclosure.\n\nResolution\n==========\n\nUpgrade to 90.0.4430.212-1.\n\n# pacman -Syu \"chromium>=90.0.4430.212-1\"\n\nThe problems have been fixed upstream in version 90.0.4430.212.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-30506 (content spoofing)\n\nAn incorrect security UI security issue has been found in the Web App\nInstalls component of the Chromium browser before version\n90.0.4430.212.\n\n- CVE-2021-30507 (incorrect calculation)\n\nAn inappropriate implementation security issue has been found in the\nOffline component of the Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30508 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the Media Feeds\ncomponent of the Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30509 (arbitrary code execution)\n\nAn out of bounds write security issue has been found in the Tab Strip\ncomponent of the Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30510 (arbitrary code execution)\n\nA race condition security issue has been found in the Aura component of\nthe Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30511 (information disclosure)\n\nAn out of bounds read security issue has been found in the Tab Groups\ncomponent of the Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30512 (arbitrary code execution)\n\nA use after free security issue has been found in the Notifications\ncomponent of the Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30513 (incorrect calculation)\n\nA type confusion security issue has been found in the V8 component of\nthe Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30514 (arbitrary code execution)\n\nA use after free security issue has been found in the Autofill\ncomponent of the Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30515 (arbitrary code execution)\n\nA use after free security issue has been found in the File API\ncomponent of the Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30516 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the History\ncomponent of the Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30517 (incorrect calculation)\n\nA type confusion security issue has been found in the V8 component of\nthe Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30518 (arbitrary code execution)\n\nA heap buffer overflow security issue has been found in the Reader Mode\ncomponent of the Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30519 (arbitrary code execution)\n\nA use after free security issue has been found in the Payments\ncomponent of the Chromium browser before version 90.0.4430.212.\n\n- CVE-2021-30520 (arbitrary code execution)\n\nA use after free security issue has been found in the Tab Strip\ncomponent of the Chromium browser before version 90.0.4430.212.\n\nImpact\n======\n\nA remote attacker could spoof content, disclose sensitive information,\nor execute arbitrary code through crafted web pages.\n\nReferences\n==========\n\nhttps://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html\nhttps://crbug.com/1180126\nhttps://crbug.com/1178202\nhttps://crbug.com/1195340\nhttps://crbug.com/1196309\nhttps://crbug.com/1197436\nhttps://crbug.com/1197875\nhttps://crbug.com/1200019\nhttps://crbug.com/1200490\nhttps://crbug.com/1200766\nhttps://crbug.com/1201073\nhttps://crbug.com/1201446\nhttps://crbug.com/1203122\nhttps://crbug.com/1203590\nhttps://crbug.com/1194058\nhttps://crbug.com/1193362\nhttps://security.archlinux.org/CVE-2021-30506\nhttps://security.archlinux.org/CVE-2021-30507\nhttps://security.archlinux.org/CVE-2021-30508\nhttps://security.archlinux.org/CVE-2021-30509\nhttps://security.archlinux.org/CVE-2021-30510\nhttps://security.archlinux.org/CVE-2021-30511\nhttps://security.archlinux.org/CVE-2021-30512\nhttps://security.archlinux.org/CVE-2021-30513\nhttps://security.archlinux.org/CVE-2021-30514\nhttps://security.archlinux.org/CVE-2021-30515\nhttps://security.archlinux.org/CVE-2021-30516\nhttps://security.archlinux.org/CVE-2021-30517\nhttps://security.archlinux.org/CVE-2021-30518\nhttps://security.archlinux.org/CVE-2021-30519\nhttps://security.archlinux.org/CVE-2021-30520", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-19T00:00:00", "type": "archlinux", "title": "[ASA-202105-7] chromium: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520"], "modified": "2021-05-19T00:00:00", "id": "ASA-202105-7", "href": "https://security.archlinux.org/ASA-202105-7", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:33:54", "description": "Arch Linux Security Advisory ASA-202106-33\n==========================================\n\nSeverity: High\nDate : 2021-06-15\nCVE-ID : CVE-2021-30522 CVE-2021-30523 CVE-2021-30524 CVE-2021-30525\nCVE-2021-30526 CVE-2021-30527 CVE-2021-30529 CVE-2021-30530\nCVE-2021-30531 CVE-2021-30532 CVE-2021-30533 CVE-2021-30534\nCVE-2021-30535 CVE-2021-30536 CVE-2021-30537 CVE-2021-30538\nCVE-2021-30539 CVE-2021-30542 CVE-2021-30543\nPackage : opera\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1992\n\nSummary\n=======\n\nThe package opera before version 77.0.4054.60-1 is vulnerable to\nmultiple issues including arbitrary code execution, information\ndisclosure and insufficient validation.\n\nResolution\n==========\n\nUpgrade to 77.0.4054.60-1.\n\n# pacman -Syu \"opera>=77.0.4054.60-1\"\n\nThe problems have been fixed upstream in version 77.0.4054.60.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-30522 (arbitrary code execution)\n\nA use after free security issue has been found in the WebAudio\ncomponent of the Chromium browser before version 91.0.4472.77.\n\n- CVE-2021-30523 (arbitrary code execution)\n\nA use after free security issue has been found in the WebRTC component\nof the Chromium browser before version 91.0.4472.77.\n\n- CVE-2021-30524 (arbitrary code execution)\n\nA use after free security issue has been found in the TabStrip\ncomponent of the Chromium browser before version 91.0.4472.77.\n\n- CVE-2021-30525 (arbitrary code execution)\n\nA use after free security issue has been found in the TabGroups\ncomponent of the Chromium browser before version 91.0.4472.77.\n\n- CVE-2021-30526 (arbitrary code execution)\n\nAn out of bounds write security issue has been found in the TabStrip\ncomponent of the Chromium browser before version 91.0.4472.77.\n\n- CVE-2021-30527 (arbitrary code execution)\n\nA use after free security issue has been found in the WebUI component\nof the Chromium browser before version 91.0.4472.77.\n\n- CVE-2021-30529 (arbitrary code execution)\n\nA use after free security issue has been found in the Bookmarks\ncomponent of the Chromium browser before version 91.0.4472.77.\n\n- CVE-2021-30530 (information disclosure)\n\nAn out of bounds memory access security issue has been found in the\nWebAudio component of the Chromium browser before version 91.0.4472.77.\n\n- CVE-2021-30531 (insufficient validation)\n\nAn insufficient policy enforcement security issue has been found in the\nContent Security Policy component of the Chromium browser before\nversion 91.0.4472.77.\n\n- CVE-2021-30532 (insufficient validation)\n\nAn insufficient policy enforcement security issue has been found in the\nContent Security Policy component of the Chromium browser before\nversion 91.0.4472.77.\n\n- CVE-2021-30533 (insufficient validation)\n\nAn insufficient policy enforcement security issue has been found in the\nPopupBlocker component of the Chromium browser before version\n91.0.4472.77.\n\n- CVE-2021-30534 (insufficient validation)\n\nAn insufficient policy enforcement security issue has been found in the\niFrameSandbox component of the Chromium browser before version\n91.0.4472.77.\n\n- CVE-2021-30535 (arbitrary code execution)\n\nA double free security issue has been found in the ICU component of the\nChromium browser before version 91.0.4472.77.\n\n- CVE-2021-30536 (information disclosure)\n\nAn out of bounds read security issue has been found in the V8 component\nof the Chromium browser before version 91.0.4472.77.\n\n- CVE-2021-30537 (insufficient validation)\n\nAn insufficient policy enforcement security issue has been found in the\ncookies component of the Chromium browser before version 91.0.4472.77.\n\n- CVE-2021-30538 (insufficient validation)\n\nAn insufficient policy enforcement security issue has been found in the\ncontent security policy component of the Chromium browser before\nversion 91.0.4472.77.\n\n- CVE-2021-30539 (insufficient validation)\n\nAn insufficient policy enforcement security issue has been found in the\ncontent security policy component of the Chromium browser before\nversion 91.0.4472.77.\n\n- CVE-2021-30542 (arbitrary code execution)\n\nA use after free security issue has been found in the Tab Strip\ncomponent of the Chromium browser before version 91.0.4472.77.\n\n- CVE-2021-30543 (arbitrary code execution)\n\nA use after free security issue has been found in the Tab Strip\ncomponent of the Chromium browser before version 91.0.4472.77.\n\nImpact\n======\n\nA remote attacker could spoof content, disclose sensitive information,\nor execute arbitrary code through crafted web pages.\n\nReferences\n==========\n\nhttps://blogs.opera.com/desktop/changelog-for-76/\nhttps://blogs.opera.com/desktop/changelog-for-77/\nhttps://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html\nhttps://crbug.com/1176218\nhttps://crbug.com/1187797\nhttps://crbug.com/1197146\nhttps://crbug.com/1197888\nhttps://crbug.com/1198717\nhttps://crbug.com/1199198\nhttps://crbug.com/1195278\nhttps://crbug.com/1201033\nhttps://crbug.com/1115628\nhttps://crbug.com/1117687\nhttps://crbug.com/1145553\nhttps://crbug.com/1151507\nhttps://crbug.com/1194899\nhttps://crbug.com/1194358\nhttps://crbug.com/830101\nhttps://crbug.com/1115045\nhttps://crbug.com/971231\nhttps://crbug.com/1184954\nhttps://crbug.com/1203607\nhttps://security.archlinux.org/CVE-2021-30522\nhttps://security.archlinux.org/CVE-2021-30523\nhttps://security.archlinux.org/CVE-2021-30524\nhttps://security.archlinux.org/CVE-2021-30525\nhttps://security.archlinux.org/CVE-2021-30526\nhttps://security.archlinux.org/CVE-2021-30527\nhttps://security.archlinux.org/CVE-2021-30529\nhttps://security.archlinux.org/CVE-2021-30530\nhttps://security.archlinux.org/CVE-2021-30531\nhttps://security.archlinux.org/CVE-2021-30532\nhttps://security.archlinux.org/CVE-2021-30533\nhttps://security.archlinux.org/CVE-2021-30534\nhttps://security.archlinux.org/CVE-2021-30535\nhttps://security.archlinux.org/CVE-2021-30536\nhttps://security.archlinux.org/CVE-2021-30537\nhttps://security.archlinux.org/CVE-2021-30538\nhttps://security.archlinux.org/CVE-2021-30539\nhttps://security.archlinux.org/CVE-2021-30542\nhttps://security.archlinux.org/CVE-2021-30543", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-15T00:00:00", "type": "archlinux", "title": "[ASA-202106-33] opera: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30522", "CVE-2021-30523", "CVE-2021-30524", "CVE-2021-30525", "CVE-2021-30526", "CVE-2021-30527", "CVE-2021-30529", "CVE-2021-30530", "CVE-2021-30531", "CVE-2021-30532", "CVE-2021-30533", "CVE-2021-30534", "CVE-2021-30535", "CVE-2021-30536", "CVE-2021-30537", "CVE-2021-30538", "CVE-2021-30539", "CVE-2021-30542", "CVE-2021-30543"], "modified": "2021-06-15T00:00:00", "id": "ASA-202106-33", "href": "https://security.archlinux.org/ASA-202106-33", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:33:53", "description": "Arch Linux Security Advisory ASA-202106-45\n==========================================\n\nSeverity: Critical\nDate : 2021-06-22\nCVE-ID : CVE-2021-30544 CVE-2021-30545 CVE-2021-30546 CVE-2021-30547\nCVE-2021-30548 CVE-2021-30549 CVE-2021-30550 CVE-2021-30551\nCVE-2021-30552 CVE-2021-30553\nPackage : opera\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2059\n\nSummary\n=======\n\nThe package opera before version 77.0.4054.90-1 is vulnerable to\nmultiple issues including arbitrary code execution and incorrect\ncalculation.\n\nResolution\n==========\n\nUpgrade to 77.0.4054.90-1.\n\n# pacman -Syu \"opera>=77.0.4054.90-1\"\n\nThe problems have been fixed upstream in version 77.0.4054.90.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-30544 (arbitrary code execution)\n\nA use after free security issue has been found in the BFCache component\nof the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30545 (arbitrary code execution)\n\nA use after free security issue has been found in the Extensions\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30546 (arbitrary code execution)\n\nA use after free security issue has been found in the Autofill\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30547 (arbitrary code execution)\n\nAn out of bounds write security issue has been found in the ANGLE\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30548 (arbitrary code execution)\n\nA use after free security issue has been found in the Loader component\nof the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30549 (arbitrary code execution)\n\nA use after free security issue has been found in the Spell check\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30550 (arbitrary code execution)\n\nA use after free security issue has been found in the Accessibility\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30551 (incorrect calculation)\n\nA type confusion security issue has been found in the V8 component of\nthe Chromium browser before version 91.0.4472.101. Google is aware that\nan exploit for CVE-2021-30551 exists in the wild.\n\n- CVE-2021-30552 (arbitrary code execution)\n\nA use after free security issue has been found in the Extensions\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30553 (arbitrary code execution)\n\nA use after free security issue has been found in the Network service\ncomponent of the Chromium browser before version 91.0.4472.101.\n\nImpact\n======\n\nA remote attacker could execute arbitrary code through a crafted web\npage or extension. Google is aware that an exploit for one of the\nsecurity issues exists in the wild.\n\nReferences\n==========\n\nhttps://blogs.opera.com/desktop/changelog-for-77/\nhttps://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html\nhttps://crbug.com/1212618\nhttps://crbug.com/1201031\nhttps://crbug.com/1206911\nhttps://crbug.com/1210414\nhttps://crbug.com/1210487\nhttps://crbug.com/1212498\nhttps://crbug.com/1212500\nhttps://crbug.com/1216437\nhttps://crbug.com/1200679\nhttps://crbug.com/1209769\nhttps://security.archlinux.org/CVE-2021-30544\nhttps://security.archlinux.org/CVE-2021-30545\nhttps://security.archlinux.org/CVE-2021-30546\nhttps://security.archlinux.org/CVE-2021-30547\nhttps://security.archlinux.org/CVE-2021-30548\nhttps://security.archlinux.org/CVE-2021-30549\nhttps://security.archlinux.org/CVE-2021-30550\nhttps://security.archlinux.org/CVE-2021-30551\nhttps://security.archlinux.org/CVE-2021-30552\nhttps://security.archlinux.org/CVE-2021-30553", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-22T00:00:00", "type": "archlinux", "title": "[ASA-202106-45] opera: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553"], "modified": "2021-06-22T00:00:00", "id": "ASA-202106-45", "href": "https://security.archlinux.org/ASA-202106-45", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:33:54", "description": "Arch Linux Security Advisory ASA-202106-31\n==========================================\n\nSeverity: Critical\nDate : 2021-06-15\nCVE-ID : CVE-2021-30544 CVE-2021-30545 CVE-2021-30546 CVE-2021-30547\nCVE-2021-30548 CVE-2021-30549 CVE-2021-30550 CVE-2021-30551\nCVE-2021-30552 CVE-2021-30553\nPackage : chromium\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2057\n\nSummary\n=======\n\nThe package chromium before version 91.0.4472.101-1 is vulnerable to\nmultiple issues including arbitrary code execution and incorrect\ncalculation.\n\nResolution\n==========\n\nUpgrade to 91.0.4472.101-1.\n\n# pacman -Syu \"chromium>=91.0.4472.101-1\"\n\nThe problems have been fixed upstream in version 91.0.4472.101.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-30544 (arbitrary code execution)\n\nA use after free security issue has been found in the BFCache component\nof the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30545 (arbitrary code execution)\n\nA use after free security issue has been found in the Extensions\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30546 (arbitrary code execution)\n\nA use after free security issue has been found in the Autofill\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30547 (arbitrary code execution)\n\nAn out of bounds write security issue has been found in the ANGLE\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30548 (arbitrary code execution)\n\nA use after free security issue has been found in the Loader component\nof the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30549 (arbitrary code execution)\n\nA use after free security issue has been found in the Spell check\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30550 (arbitrary code execution)\n\nA use after free security issue has been found in the Accessibility\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30551 (incorrect calculation)\n\nA type confusion security issue has been found in the V8 component of\nthe Chromium browser before version 91.0.4472.101. Google is aware that\nan exploit for CVE-2021-30551 exists in the wild.\n\n- CVE-2021-30552 (arbitrary code execution)\n\nA use after free security issue has been found in the Extensions\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30553 (arbitrary code execution)\n\nA use after free security issue has been found in the Network service\ncomponent of the Chromium browser before version 91.0.4472.101.\n\nImpact\n======\n\nA remote attacker could execute arbitrary code through a crafted web\npage or extension. Google is aware that an exploit for one of the\nsecurity issues exists in the wild.\n\nReferences\n==========\n\nhttps://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html\nhttps://crbug.com/1212618\nhttps://crbug.com/1201031\nhttps://crbug.com/1206911\nhttps://crbug.com/1210414\nhttps://crbug.com/1210487\nhttps://crbug.com/1212498\nhttps://crbug.com/1212500\nhttps://crbug.com/1216437\nhttps://crbug.com/1200679\nhttps://crbug.com/1209769\nhttps://security.archlinux.org/CVE-2021-30544\nhttps://security.archlinux.org/CVE-2021-30545\nhttps://security.archlinux.org/CVE-2021-30546\nhttps://security.archlinux.org/CVE-2021-30547\nhttps://security.archlinux.org/CVE-2021-30548\nhttps://security.archlinux.org/CVE-2021-30549\nhttps://security.archlinux.org/CVE-2021-30550\nhttps://security.archlinux.org/CVE-2021-30551\nhttps://security.archlinux.org/CVE-2021-30552\nhttps://security.archlinux.org/CVE-2021-30553", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-15T00:00:00", "type": "archlinux", "title": "[ASA-202106-31] chromium: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553"], "modified": "2021-06-15T00:00:00", "id": "ASA-202106-31", "href": "https://security.archlinux.org/ASA-202106-31", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:33:53", "description": "Arch Linux Security Advisory ASA-202106-32\n==========================================\n\nSeverity: Critical\nDate : 2021-06-15\nCVE-ID : CVE-2021-30544 CVE-2021-30545 CVE-2021-30546 CVE-2021-30547\nCVE-2021-30548 CVE-2021-30549 CVE-2021-30550 CVE-2021-30551\nCVE-2021-30552 CVE-2021-30553\nPackage : vivaldi\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2058\n\nSummary\n=======\n\nThe package vivaldi before version 4.0.2312.25-1 is vulnerable to\nmultiple issues including arbitrary code execution and incorrect\ncalculation.\n\nResolution\n==========\n\nUpgrade to 4.0.2312.25-1.\n\n# pacman -Syu \"vivaldi>=4.0.2312.25-1\"\n\nThe problems have been fixed upstream in version 4.0.2312.25.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-30544 (arbitrary code execution)\n\nA use after free security issue has been found in the BFCache component\nof the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30545 (arbitrary code execution)\n\nA use after free security issue has been found in the Extensions\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30546 (arbitrary code execution)\n\nA use after free security issue has been found in the Autofill\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30547 (arbitrary code execution)\n\nAn out of bounds write security issue has been found in the ANGLE\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30548 (arbitrary code execution)\n\nA use after free security issue has been found in the Loader component\nof the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30549 (arbitrary code execution)\n\nA use after free security issue has been found in the Spell check\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30550 (arbitrary code execution)\n\nA use after free security issue has been found in the Accessibility\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30551 (incorrect calculation)\n\nA type confusion security issue has been found in the V8 component of\nthe Chromium browser before version 91.0.4472.101. Google is aware that\nan exploit for CVE-2021-30551 exists in the wild.\n\n- CVE-2021-30552 (arbitrary code execution)\n\nA use after free security issue has been found in the Extensions\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30553 (arbitrary code execution)\n\nA use after free security issue has been found in the Network service\ncomponent of the Chromium browser before version 91.0.4472.101.\n\nImpact\n======\n\nA remote attacker could execute arbitrary code through a crafted web\npage or extension. Google is aware that an exploit for one of the\nsecurity issues exists in the wild.\n\nReferences\n==========\n\nhttps://vivaldi.com/blog/desktop/minor-update-for-vivaldi-desktop-browser-4-0/\nhttps://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html\nhttps://crbug.com/1212618\nhttps://crbug.com/1201031\nhttps://crbug.com/1206911\nhttps://crbug.com/1210414\nhttps://crbug.com/1210487\nhttps://crbug.com/1212498\nhttps://crbug.com/1212500\nhttps://crbug.com/1216437\nhttps://crbug.com/1200679\nhttps://crbug.com/1209769\nhttps://security.archlinux.org/CVE-2021-30544\nhttps://security.archlinux.org/CVE-2021-30545\nhttps://security.archlinux.org/CVE-2021-30546\nhttps://security.archlinux.org/CVE-2021-30547\nhttps://security.archlinux.org/CVE-2021-30548\nhttps://security.archlinux.org/CVE-2021-30549\nhttps://security.archlinux.org/CVE-2021-30550\nhttps://security.archlinux.org/CVE-2021-30551\nhttps://security.archlinux.org/CVE-2021-30552\nhttps://security.archlinux.org/CVE-2021-30553", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-15T00:00:00", "type": "archlinux", "title": "[ASA-202106-32] vivaldi: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553"], "modified": "2021-06-15T00:00:00", "id": "ASA-202106-32", "href": "https://security.archlinux.org/ASA-202106-32", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:33:53", "description": "Arch Linux Security Advisory ASA-202106-46\n==========================================\n\nSeverity: High\nDate : 2021-06-22\nCVE-ID : CVE-2021-30554 CVE-2021-30555 CVE-2021-30556 CVE-2021-30557\nPackage : chromium\nType : arbitrary code execution\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2081\n\nSummary\n=======\n\nThe package chromium before version 91.0.4472.114-1 is vulnerable to\narbitrary code execution.\n\nResolution\n==========\n\nUpgrade to 91.0.4472.114-1.\n\n# pacman -Syu \"chromium>=91.0.4472.114-1\"\n\nThe problems have been fixed upstream in version 91.0.4472.114.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-30554 (arbitrary code execution)\n\nA use after free security issue has been found in the WebGL component\nof the Chromium browser engine before version 91.0.4472.114. Google is\naware that an exploit for CVE-2021-30554 exists in the wild.\n\n- CVE-2021-30555 (arbitrary code execution)\n\nA use after free security issue has been found in the Sharing component\nof the Chromium browser engine before version 91.0.4472.114.\n\n- CVE-2021-30556 (arbitrary code execution)\n\nA use after free security issue has been found in the WebAudio\ncomponent of the Chromium browser engine before version 91.0.4472.114.\n\n- CVE-2021-30557 (arbitrary code execution)\n\nA use after free security issue has been found in the TabGroups\ncomponent of the Chromium browser engine before version 91.0.4472.114.\n\nImpact\n======\n\nA remote attacker could execute arbitrary code through a crafted web\npage. Google is aware that an exploit for one of the security issues\nexists in the wild.\n\nReferences\n==========\n\nhttps://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html\nhttps://crbug.com/1219857\nhttps://crbug.com/1215029\nhttps://crbug.com/1212599\nhttps://crbug.com/1202102\nhttps://security.archlinux.org/CVE-2021-30554\nhttps://security.archlinux.org/CVE-2021-30555\nhttps://security.archlinux.org/CVE-2021-30556\nhttps://security.archlinux.org/CVE-2021-30557", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-22T00:00:00", "type": "archlinux", "title": "[ASA-202106-46] chromium: arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2021-06-22T00:00:00", "id": "ASA-202106-46", "href": "https://security.archlinux.org/ASA-202106-46", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:33:53", "description": "Arch Linux Security Advisory ASA-202106-47\n==========================================\n\nSeverity: High\nDate : 2021-06-22\nCVE-ID : CVE-2021-30554 CVE-2021-30555 CVE-2021-30556 CVE-2021-30557\nPackage : vivaldi\nType : arbitrary code execution\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2082\n\nSummary\n=======\n\nThe package vivaldi before version 4.0.2312.33-1 is vulnerable to\narbitrary code execution.\n\nResolution\n==========\n\nUpgrade to 4.0.2312.33-1.\n\n# pacman -Syu \"vivaldi>=4.0.2312.33-1\"\n\nThe problems have been fixed upstream in version 4.0.2312.33.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-30554 (arbitrary code execution)\n\nA use after free security issue has been found in the WebGL component\nof the Chromium browser engine before version 91.0.4472.114. Google is\naware that an exploit for CVE-2021-30554 exists in the wild.\n\n- CVE-2021-30555 (arbitrary code execution)\n\nA use after free security issue has been found in the Sharing component\nof the Chromium browser engine before version 91.0.4472.114.\n\n- CVE-2021-30556 (arbitrary code execution)\n\nA use after free security issue has been found in the WebAudio\ncomponent of the Chromium browser engine before version 91.0.4472.114.\n\n- CVE-2021-30557 (arbitrary code execution)\n\nA use after free security issue has been found in the TabGroups\ncomponent of the Chromium browser engine before version 91.0.4472.114.\n\nImpact\n======\n\nA remote attacker could execute arbitrary code through a crafted web\npage. Google is aware that an exploit for one of the security issues\nexists in the wild.\n\nReferences\n==========\n\nhttps://vivaldi.com/blog/desktop/minor-update-for-vivaldi-desktop-browser-4-0/\nhttps://vivaldi.com/blog/desktop/minor-update-3-for-vivaldi-desktop-browser-4-0/\nhttps://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html\nhttps://crbug.com/1219857\nhttps://crbug.com/1215029\nhttps://crbug.com/1212599\nhttps://crbug.com/1202102\nhttps://security.archlinux.org/CVE-2021-30554\nhttps://security.archlinux.org/CVE-2021-30555\nhttps://security.archlinux.org/CVE-2021-30556\nhttps://security.archlinux.org/CVE-2021-30557", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-22T00:00:00", "type": "archlinux", "title": "[ASA-202106-47] vivaldi: arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2021-06-22T00:00:00", "id": "ASA-202106-47", "href": "https://security.archlinux.org/ASA-202106-47", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:33:53", "description": "Arch Linux Security Advisory ASA-202107-4\n=========================================\n\nSeverity: High\nDate : 2021-07-01\nCVE-ID : CVE-2021-30554 CVE-2021-30555 CVE-2021-30556 CVE-2021-30557\nPackage : opera\nType : arbitrary code execution\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2083\n\nSummary\n=======\n\nThe package opera before version 77.0.4054.146-1 is vulnerable to\narbitrary code execution.\n\nResolution\n==========\n\nUpgrade to 77.0.4054.146-1.\n\n# pacman -Syu \"opera>=77.0.4054.146-1\"\n\nThe problems have been fixed upstream in version 77.0.4054.146.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-30554 (arbitrary code execution)\n\nA use after free security issue has been found in the WebGL component\nof the Chromium browser engine before version 91.0.4472.114. Google is\naware that an exploit for CVE-2021-30554 exists in the wild.\n\n- CVE-2021-30555 (arbitrary code execution)\n\nA use after free security issue has been found in the Sharing component\nof the Chromium browser engine before version 91.0.4472.114.\n\n- CVE-2021-30556 (arbitrary code execution)\n\nA use after free security issue has been found in the WebAudio\ncomponent of the Chromium browser engine before version 91.0.4472.114.\n\n- CVE-2021-30557 (arbitrary code execution)\n\nA use after free security issue has been found in the TabGroups\ncomponent of the Chromium browser engine before version 91.0.4472.114.\n\nImpact\n======\n\nA remote attacker could execute arbitrary code through a crafted web\npage. Google is aware that an exploit for one of the security issues\nexists in the wild.\n\nReferences\n==========\n\nhttps://blogs.opera.com/desktop/changelog-for-77/\nhttps://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html\nhttps://crbug.com/1219857\nhttps://crbug.com/1215029\nhttps://crbug.com/1212599\nhttps://crbug.com/1202102\nhttps://security.archlinux.org/CVE-2021-30554\nhttps://security.archlinux.org/CVE-2021-30555\nhttps://security.archlinux.org/CVE-2021-30556\nhttps://security.archlinux.org/CVE-2021-30557", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-01T00:00:00", "type": "archlinux", "title": "[ASA-202107-4] opera: arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2021-07-01T00:00:00", "id": "ASA-202107-4", "href": "https://security.archlinux.org/ASA-202107-4", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:33:53", "description": "Arch Linux Security Advisory ASA-202107-2\n=========================================\n\nSeverity: Critical\nDate : 2021-07-01\nCVE-ID : CVE-2021-30544 CVE-2021-30548 CVE-2021-30551\nPackage : electron11\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2099\n\nSummary\n=======\n\nThe package electron11 before version 11.4.9-1 is vulnerable to\nmultiple issues including arbitrary code execution and incorrect\ncalculation.\n\nResolution\n==========\n\nUpgrade to 11.4.9-1.\n\n# pacman -Syu \"electron11>=11.4.9-1\"\n\nThe problems have been fixed upstream in version 11.4.9.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-30544 (arbitrary code execution)\n\nA use after free security issue has been found in the BFCache component\nof the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30548 (arbitrary code execution)\n\nA use after free security issue has been found in the Loader component\nof the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30551 (incorrect calculation)\n\nA type confusion security issue has been found in the V8 component of\nthe Chromium browser before version 91.0.4472.101. Google is aware that\nan exploit for CVE-2021-30551 exists in the wild.\n\nImpact\n======\n\nA remote attacker could execute arbitrary code through a crafted web\npage. Google is aware that an exploit for one of the security issues\nexists in the wild.\n\nReferences\n==========\n\nhttps://www.electronjs.org/releases/stable?version=11#11.4.9\nhttps://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html\nhttps://crbug.com/1212618\nhttps://crbug.com/1210487\nhttps://crbug.com/1216437\nhttps://security.archlinux.org/CVE-2021-30544\nhttps://security.archlinux.org/CVE-2021-30548\nhttps://security.archlinux.org/CVE-2021-30551", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-01T00:00:00", "type": "archlinux", "title": "[ASA-202107-2] electron11: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30548", "CVE-2021-30551"], "modified": "2021-07-01T00:00:00", "id": "ASA-202107-2", "href": "https://security.archlinux.org/ASA-202107-2", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:33:53", "description": "Arch Linux Security Advisory ASA-202107-1\n=========================================\n\nSeverity: High\nDate : 2021-07-01\nCVE-ID : CVE-2021-30547 CVE-2021-30553 CVE-2021-30554\nPackage : electron12\nType : arbitrary code execution\nRemote : Yes\nLink : https://security.archlinux.org/AVG-2112\n\nSummary\n=======\n\nThe package electron12 before version 12.0.13-1 is vulnerable to\narbitrary code execution.\n\nResolution\n==========\n\nUpgrade to 12.0.13-1.\n\n# pacman -Syu \"electron12>=12.0.13-1\"\n\nThe problems have been fixed upstream in version 12.0.13.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-30547 (arbitrary code execution)\n\nAn out of bounds write security issue has been found in the ANGLE\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30553 (arbitrary code execution)\n\nA use after free security issue has been found in the Network service\ncomponent of the Chromium browser before version 91.0.4472.101.\n\n- CVE-2021-30554 (arbitrary code execution)\n\nA use after free security issue has been found in the WebGL component\nof the Chromium browser engine before version 91.0.4472.114. Google is\naware that an exploit for CVE-2021-30554 exists in the wild.\n\nImpact\n======\n\nA remote attacker could execute arbitrary code through a crafted web\npage. Google is aware that an exploit for one of the security issues\nexists in the wild.\n\nReferences\n==========\n\nhttps://github.com/electron/electron/releases/tag/v12.0.13\nhttps://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html\nhttps://crbug.com/1210414\nhttps://crbug.com/1209769\nhttps://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html\nhttps://crbug.com/1219857\nhttps://security.archlinux.org/CVE-2021-30547\nhttps://security.archlinux.org/CVE-2021-30553\nhttps://security.archlinux.org/CVE-2021-30554", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-01T00:00:00", "type": "archlinux", "title": "[ASA-202107-1] electron12: arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30547", "CVE-2021-30553", "CVE-2021-30554"], "modified": "2021-07-01T00:00:00", "id": "ASA-202107-1", "href": "https://security.archlinux.org/ASA-202107-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2022-11-08T04:09:03", "description": "An update that fixes 21 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 91.0.4472.77 (boo#1186458):\n\n * Support Managed configuration API for Web Applications\n * WebOTP API: cross-origin iframe support\n * CSS custom counter styles\n * Support JSON Modules\n * Clipboard: read-only files support\n * Remove webkitBeforeTextInserted & webkitEditableCOntentChanged JS events\n * Honor media HTML attribute for link icon\n * Import Assertions\n * Class static initializer blocks\n * Ergonomic brand checks for private fields\n * Expose WebAssembly SIMD\n * New Feature: WebTransport\n * ES Modules for service workers ('module' type option)\n * Suggested file name and location for the File System Access API\n * adaptivePTime property for RTCRtpEncodingParameters\n * Block HTTP port 10080 - mitigation for NAT Slipstream 2.0 attack\n * Support WebSockets over HTTP/2\n * Support 103 Early Hints for Navigation\n * CVE-2021-30521: Heap buffer overflow in Autofill\n * CVE-2021-30522: Use after free in WebAudio\n * CVE-2021-30523: Use after free in WebRTC\n * CVE-2021-30524: Use after free in TabStrip\n * CVE-2021-30525: Use after free in TabGroups\n * CVE-2021-30526: Out of bounds write in TabStrip\n * CVE-2021-30527: Use after free in WebUI\n * CVE-2021-30528: Use after free in WebAuthentication\n * CVE-2021-30529: Use after free in Bookmarks\n * CVE-2021-30530: Out of bounds memory access in WebAudio\n * CVE-2021-30531: Insufficient policy enforcement in Content Security\n Policy\n * CVE-2021-30532: Insufficient policy enforcement in Content Security\n Policy\n * CVE-2021-30533: Insufficient policy enforcement in PopupBlocker\n * CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox\n * CVE-2021-30535: Double free in ICU\n * CVE-2021-21212: Insufficient data validation in networking\n * CVE-2021-30536: Out of bounds read in V8\n * CVE-2021-30537: Insufficient policy enforcement in cookies\n * CVE-2021-30538: Insufficient policy enforcement in content security\n policy\n * CVE-2021-30539: Insufficient policy enforcement in content security\n policy\n * CVE-2021-30540: Incorrect security UI in payments\n * Various fixes from internal audits, fuzzing and other initiatives\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2021-840=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-04T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21212", "CVE-2021-30521", "CVE-2021-30522", "CVE-2021-30523", "CVE-2021-30524", "CVE-2021-30525", "CVE-2021-30526", "CVE-2021-30527", "CVE-2021-30528", "CVE-2021-30529", "CVE-2021-30530", "CVE-2021-30531", "CVE-2021-30532", "CVE-2021-30533", "CVE-2021-30534", "CVE-2021-30535", "CVE-2021-30536", "CVE-2021-30537", "CVE-2021-30538", "CVE-2021-30539", "CVE-2021-30540"], "modified": "2021-06-04T00:00:00", "id": "OPENSUSE-SU-2021:0840-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XA5KKDV2D4YM2QDZBKGBLQ726LJLT6BI/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-08T04:09:03", "description": "An update that fixes 21 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 91.0.4472.77 (boo#1186458):\n\n * Support Managed configuration API for Web Applications\n * WebOTP API: cross-origin iframe support\n * CSS custom counter styles\n * Support JSON Modules\n * Clipboard: read-only files support\n * Remove webkitBeforeTextInserted & webkitEditableCOntentChanged JS events\n * Honor media HTML attribute for link icon\n * Import Assertions\n * Class static initializer blocks\n * Ergonomic brand checks for private fields\n * Expose WebAssembly SIMD\n * New Feature: WebTransport\n * ES Modules for service workers ('module' type option)\n * Suggested file name and location for the File System Access API\n * adaptivePTime property for RTCRtpEncodingParameters\n * Block HTTP port 10080 - mitigation for NAT Slipstream 2.0 attack\n * Support WebSockets over HTTP/2\n * Support 103 Early Hints for Navigation\n * CVE-2021-30521: Heap buffer overflow in Autofill\n * CVE-2021-30522: Use after free in WebAudio\n * CVE-2021-30523: Use after free in WebRTC\n * CVE-2021-30524: Use after free in TabStrip\n * CVE-2021-30525: Use after free in TabGroups\n * CVE-2021-30526: Out of bounds write in TabStrip\n * CVE-2021-30527: Use after free in WebUI\n * CVE-2021-30528: Use after free in WebAuthentication\n * CVE-2021-30529: Use after free in Bookmarks\n * CVE-2021-30530: Out of bounds memory access in WebAudio\n * CVE-2021-30531: Insufficient policy enforcement in Content Security\n Policy\n * CVE-2021-30532: Insufficient policy enforcement in Content Security\n Policy\n * CVE-2021-30533: Insufficient policy enforcement in PopupBlocker\n * CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox\n * CVE-2021-30535: Double free in ICU\n * CVE-2021-21212: Insufficient data validation in networking\n * CVE-2021-30536: Out of bounds read in V8\n * CVE-2021-30537: Insufficient policy enforcement in cookies\n * CVE-2021-30538: Insufficient policy enforcement in content security\n policy\n * CVE-2021-30539: Insufficient policy enforcement in content security\n policy\n * CVE-2021-30540: Incorrect security UI in payments\n * Various fixes from internal audits, fuzzing and other initiatives\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-825=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-02T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21212", "CVE-2021-30521", "CVE-2021-30522", "CVE-2021-30523", "CVE-2021-30524", "CVE-2021-30525", "CVE-2021-30526", "CVE-2021-30527", "CVE-2021-30528", "CVE-2021-30529", "CVE-2021-30530", "CVE-2021-30531", "CVE-2021-30532", "CVE-2021-30533", "CVE-2021-30534", "CVE-2021-30535", "CVE-2021-30536", "CVE-2021-30537", "CVE-2021-30538", "CVE-2021-30539", "CVE-2021-30540"], "modified": "2021-06-02T00:00:00", "id": "OPENSUSE-SU-2021:0825-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MJJHCREERF6N3XLSWRNBLKZ4TY5THPTY/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-08T04:09:03", "description": "An update that fixes 15 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n Update to version 76.0.4017.154\n\n - CHR-8420 Update chromium on desktop-stable-90-4017 to 90.0.4430.212\n - DNA-92411 Bookmarks breadcrumbs wrong color when pressed in dark mode\n - DNA-92587 Sync settings: \ufffd\ufffd\ufffdUse old password\ufffd\ufffd\ufffd button doesn\ufffd\ufffd\ufffdt work\n - DNA-92672 Make it possible for agent to inject scripts into startpage\n - DNA-92712 Add SD reload API\n - DNA-93190 The bookmark can\ufffd\ufffd\ufffdt be opened in Workspace 5-6\n - DNA-93247 Reopen last closed tab shortcut opens random tab on new window\n - DNA-93294 Binary diff for opera_browser.dll is not created on 32-bit\n builds\n - DNA-93313 Add opauto test to cover DNA-93190\n - DNA-93368 Fix an error in Polish translation\n - DNA-93408 [Windows] widevine_cdm_component_installer does not compile on\n desktop-stable-90-4017\n - The update to chromium 90.0.4430.212 fixes following issues:\n CVE-2021-30506, CVE-2021-30507, CVE-2021-30508, CVE-2021-30509,\n CVE-2021-30510, CVE-2021-30511, CVE-2021-30512, CVE-2021-30513,\n CVE-2021-30514, CVE-2021-30515, CVE-2021-30516, CVE-2021-30517,\n CVE-2021-30518, CVE-2021-30519, CVE-2021-30520\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:NonFree:\n\n zypper in -t patch openSUSE-2021-828=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-03T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520"], "modified": "2021-06-03T00:00:00", "id": "OPENSUSE-SU-2021:0828-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6NV4ZBYMJFXP7FZOUO25I6RQ7DTPT3AO/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:40:27", "description": "An update that fixes 15 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n (This is a rerelease with aarch64 enabled.)\n\n Chromium 90.0.4430.212 (boo#1185908)\n\n * CVE-2021-30506: Incorrect security UI in Web App Installs\n * CVE-2021-30507: Inappropriate implementation in Offline\n * CVE-2021-30508: Heap buffer overflow in Media Feeds\n * CVE-2021-30509: Out of bounds write in Tab Strip\n * CVE-2021-30510: Race in Aura\n * CVE-2021-30511: Out of bounds read in Tab Group\n * CVE-2021-30512: Use after free in Notifications\n * CVE-2021-30513: Type Confusion in V8\n * CVE-2021-30514: Use after free in Autofill\n * CVE-2021-30515: Use after free in File API\n * CVE-2021-30516: Heap buffer overflow in History\n * CVE-2021-30517: Type Confusion in V8\n * CVE-2021-30518: Heap buffer overflow in Reader Mode\n * CVE-2021-30519: Use after free in Payments\n * CVE-2021-30520: Use after free in Tab Strip\n - FTP support disabled at runtime by default since release 88. Chromium 91\n will remove support for ftp altogether (boo#1185496)\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-762=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-22T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520"], "modified": "2021-05-22T00:00:00", "id": "OPENSUSE-SU-2021:0762-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VXXTVK5FWZGMVLWH6O7ONOFANNOOJNWS/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-06T17:58:45", "description": "An update that fixes 15 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 90.0.4430.212 (boo#1185908)\n\n * CVE-2021-30506: Incorrect security UI in Web App Installs\n * CVE-2021-30507: Inappropriate implementation in Offline\n * CVE-2021-30508: Heap buffer overflow in Media Feeds\n * CVE-2021-30509: Out of bounds write in Tab Strip\n * CVE-2021-30510: Race in Aura\n * CVE-2021-30511: Out of bounds read in Tab Group\n * CVE-2021-30512: Use after free in Notifications\n * CVE-2021-30513: Type Confusion in V8\n * CVE-2021-30514: Use after free in Autofill\n * CVE-2021-30515: Use after free in File API\n * CVE-2021-30516: Heap buffer overflow in History\n * CVE-2021-30517: Type Confusion in V8\n * CVE-2021-30518: Heap buffer overflow in Reader Mode\n * CVE-2021-30519: Use after free in Payments\n * CVE-2021-30520: Use after free in Tab Strip\n - FTP support disabled at runtime by default since release 88. Chromium 91\n will remove support for ftp altogether (boo#1185496)\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-742=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-16T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520"], "modified": "2021-05-16T00:00:00", "id": "OPENSUSE-SU-2021:0742-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/N343FIVEUFRWGMSE6EP3FRKNIN6RA6VT/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-08T04:09:03", "description": "An update that fixes 15 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n Update to version 76.0.4017.154\n\n - CHR-8420 Update chromium on desktop-stable-90-4017 to 90.0.4430.212\n - DNA-92411 Bookmarks breadcrumbs wrong color when pressed in dark mode\n - DNA-92587 Sync settings: \ufffd\ufffd\ufffdUse old password\ufffd\ufffd\ufffd button doesn\ufffd\ufffd\ufffdt work\n - DNA-92672 Make it possible for agent to inject scripts into startpage\n - DNA-92712 Add SD reload API\n - DNA-93190 The bookmark can\ufffd\ufffd\ufffdt be opened in Workspace 5-6\n - DNA-93247 Reopen last closed tab shortcut opens random tab on new window\n - DNA-93294 Binary diff for opera_browser.dll is not created on 32-bit\n builds\n - DNA-93313 Add opauto test to cover DNA-93190\n - DNA-93368 Fix an error in Polish translation\n - DNA-93408 [Windows] widevine_cdm_component_installer does not compile on\n desktop-stable-90-4017\n - The update to chromium 90.0.4430.212 fixes following issues:\n CVE-2021-30506, CVE-2021-30507, CVE-2021-30508, CVE-2021-30509,\n CVE-2021-30510, CVE-2021-30511, CVE-2021-30512, CVE-2021-30513,\n CVE-2021-30514, CVE-2021-30515, CVE-2021-30516, CVE-2021-30517,\n CVE-2021-30518, CVE-2021-30519, CVE-2021-30520\n\n Update to version 76.0.4017.123\n\n - DNA-91951 SkipAds click by default with Adblocker on Youtube\n - DNA-92293 [Mac] Crash at opera::BrowserWindowImpl::Cleanup()\n - DNA-92714 [Mac] Worskpace switching lags with lot of tabs\n - DNA-92847 DCHECK at tab_lifecycle_unit_source.cc:145\n - DNA-92860 [Windows] Fix issues when running buildsign script with Python\n 3\n - DNA-92879 Fix issues when running buildsign script with Python 3\n - DNA-92938 opera://activity/ page ignores workspaces\n - DNA-93015 [Player] Panel is too narrow\n - DNA-93044 Remove unnecessary question mark in Cashback string in Polish\n - DNA-93070 [Search Tabs] Selecting items with cursor keys skips\n over content matches\n - DNA-93122 Use input in builddiff.py\n - DNA-93175 Fix running repacking\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:NonFree:\n\n zypper in -t patch openSUSE-2021-829=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-03T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520"], "modified": "2021-06-03T00:00:00", "id": "OPENSUSE-SU-2021:0829-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZMLE6Y32Y2DK2ZVCT4O73EKD4VH7BGEG/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:40:19", "description": "An update that fixes 14 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n Update to version 77.0.4054.146\n\n - CHR-8458 Update chromium on desktop-stable-91-4054 to 91.0.4472.114\n - DNA-92171 Create active linkdiscovery service\n - DNA-92388 Fix and unskip\n WorkspacesEmoji.testChooseEmojiAsWorkspaceIcon when possible\n - DNA-93101 Tabs are being snoozed when tab snoozing is disabled\n - DNA-93386 Update pinboard view when item changes\n - DNA-93448 Make browser ready for Developer release\n - DNA-93491 Fix failing tests after enabling #pinboard flag\n - DNA-93498 Add additional music services\n - DNA-93503 Blank popup on clicking toolbar icon with popup open\n - DNA-93561 Do not allow zoom different from 100% in Pinboard popup\n - DNA-93637 ctrl+9 shortcut is inconsistent with other browsers\n - DNA-93644 Create route for `import open tabs` to `pinboard`\n - DNA-93664 Adapt popup to design\n - DNA-93702 Turn on flags on developer\n - DNA-93737 [Pinboard] Remove Mock API\n - DNA-93745 Unable to open the popup after opening it several times\n - DNA-93776 Popup closes and reopens when clicking the toolbar button\n - DNA-93786 DCHECK after opening popup\n - DNA-93802 Crash at views::Widget::GetNativeView() const\n - DNA-93810 Add pinboard icon to sidebar\n - DNA-93825 Add pinboard to Opera menu\n - DNA-93833 [Player] Implement seeking for new services\n - DNA-93845 Do not log output of snapcraft on console\n - DNA-93864 Create feature flag for start page sync banner\n - DNA-93865 Implement start page banner\n - DNA-93867 Use version from package instead of repository\n - DNA-93878 [Player] Crash when current player service becomes\n unavailable when user location changes\n - DNA-93953 \ufffd\ufffd\ufffdSend image to Pinboard\ufffd\ufffd\ufffd has the wrong position in the\n context menu\n - DNA-93987 Disable zooming popup contents like in other popups\n - DNA-93989 Change internal URL to opera://pinboards\n - DNA-93990 Update strings to reflect new standards\n - DNA-93992 Add Pinboards to Opera settings\n - DNA-93993 Pinboard translations from Master\n - DNA-94011 Enable feature flags for Reborn 5 on stable\n - DNA-94019 Add a direct link to settings\n - DNA-94088 Internal pages provoke not saving other pages to the Pinboard\n - DNA-94111 [O77] Sidebar setup does not open\n - DNA-94139 Crash at opera::(anonymous\n namespace)::PinboardPopupWebView::RemovedFromWidget()\n - The update to chromium 91.0.4472.114 fixes following issues:\n CVE-2021-30554, CVE-2021-30555, CVE-2021-30556, CVE-2021-30557,\n CVE-2021-30544, CVE-2021-30545, CVE-2021-30546, CVE-2021-30547,\n CVE-2021-30548, CVE-2021-30549, CVE-2021-30550, CVE-2021-30551,\n CVE-2021-30552, CVE-2021-30553\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:NonFree:\n\n zypper in -t patch openSUSE-2021-949=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-01T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553", "CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2021-07-01T00:00:00", "id": "OPENSUSE-SU-2021:0949-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Y5YMAC6DXOAQQEUSMY36JS76YC35PAXY/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:40:19", "description": "An update that fixes 14 vulnerabilities is now available.\n\nDescription:\n\n This update for opera fixes the following issues:\n\n Update to version 77.0.4054.146\n\n - CHR-8458 Update chromium on desktop-stable-91-4054 to 91.0.4472.114\n - DNA-92171 Create active linkdiscovery service\n - DNA-92388 Fix and unskip\n WorkspacesEmoji.testChooseEmojiAsWorkspaceIcon when possible\n - DNA-93101 Tabs are being snoozed when tab snoozing is disabled\n - DNA-93386 Update pinboard view when item changes\n - DNA-93448 Make browser ready for Developer release\n - DNA-93491 Fix failing tests after enabling #pinboard flag\n - DNA-93498 Add additional music services\n - DNA-93503 Blank popup on clicking toolbar icon with popup open\n - DNA-93561 Do not allow zoom different from 100% in Pinboard popup\n - DNA-93637 ctrl+9 shortcut is inconsistent with other browsers\n - DNA-93644 Create route for `import open tabs` to `pinboard`\n - DNA-93664 Adapt popup to design\n - DNA-93702 Turn on flags on developer\n - DNA-93737 [Pinboard] Remove Mock API\n - DNA-93745 Unable to open the popup after opening it several times\n - DNA-93776 Popup closes and reopens when clicking the toolbar button\n - DNA-93786 DCHECK after opening popup\n - DNA-93802 Crash at views::Widget::GetNativeView() const\n - DNA-93810 Add pinboard icon to sidebar\n - DNA-93825 Add pinboard to Opera menu\n - DNA-93833 [Player] Implement seeking for new services\n - DNA-93845 Do not log output of snapcraft on console\n - DNA-93864 Create feature flag for start page sync banner\n - DNA-93865 Implement start page banner\n - DNA-93867 Use version from package instead of repository\n - DNA-93878 [Player] Crash when current player service becomes\n unavailable when user location changes\n - DNA-93953 \ufffd\ufffd\ufffdSend image to Pinboard\ufffd\ufffd\ufffd has the wrong position in the\n context menu\n - DNA-93987 Disable zooming popup contents like in other popups\n - DNA-93989 Change internal URL to opera://pinboards\n - DNA-93990 Update strings to reflect new standards\n - DNA-93992 Add Pinboards to Opera settings\n - DNA-93993 Pinboard translations from Master\n - DNA-94011 Enable feature flags for Reborn 5 on stable\n - DNA-94019 Add a direct link to settings\n - DNA-94088 Internal pages provoke not saving other pages to the Pinboard\n - DNA-94111 [O77] Sidebar setup does not open\n - DNA-94139 Crash at\n opera::(anonymous namespace)::PinboardPopupWebView::RemovedFromWidget()\n - The update to chromium 91.0.4472.114 fixes following issues:\n CVE-2021-30554, CVE-2021-30555, CVE-2021-30556, CVE-2021-30557\n CVE-2021-30544, CVE-2021-30545, CVE-2021-30546, CVE-2021-30547,\n CVE-2021-30548, CVE-2021-30549, CVE-2021-30550, CVE-2021-30551,\n CVE-2021-30552, CVE-2021-30553\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:NonFree:\n\n zypper in -t patch openSUSE-2021-948=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-01T00:00:00", "type": "suse", "title": "Security update for opera (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553", "CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2021-07-01T00:00:00", "id": "OPENSUSE-SU-2021:0948-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7KHAD4TPDMOCFFISFXM3O4TD6SK6KWAG/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-08T04:09:03", "description": "An update that fixes 14 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 91.0.4472.114 (boo#1187481)\n\n * CVE-2021-30554: Use after free in WebGL\n * CVE-2021-30555: Use after free in Sharing\n * CVE-2021-30556: Use after free in WebAudio\n * CVE-2021-30557: Use after free in TabGroups\n * CVE-2021-30544: Use after free in BFCache\n * CVE-2021-30545: Use after free in Extensions\n * CVE-2021-30546: Use after free in Autofill\n * CVE-2021-30547: Out of bounds write in ANGLE\n * CVE-2021-30548: Use after free in Loader\n * CVE-2021-30549: Use after free in Spell check\n * CVE-2021-30550: Use after free in Accessibility\n * CVE-2021-30551: Type Confusion in V8\n * CVE-2021-30552: Use after free in Extensions\n * CVE-2021-30553: Use after free in Network service\n * Fix use-after-free in SendTabToSelfSubMenuModel\n * Destroy system-token NSSCertDatabase on the IO thread\n * Various fixes from internal audits, fuzzing and other initiatives\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2021-938=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-28T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553", "CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2021-06-28T00:00:00", "id": "OPENSUSE-SU-2021:0938-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XFR7LUM6J45XO73B4GQD65J3TG3IDVJX/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-08T04:09:03", "description": "An update that fixes 10 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 91.0.4472.101 (boo#1187141)\n\n * CVE-2021-30544: Use after free in BFCache\n * CVE-2021-30545: Use after free in Extensions\n * CVE-2021-30546: Use after free in Autofill\n * CVE-2021-30547: Out of bounds write in ANGLE\n * CVE-2021-30548: Use after free in Loader\n * CVE-2021-30549: Use after free in Spell check\n * CVE-2021-30550: Use after free in Accessibility\n * CVE-2021-30551: Type Confusion in V8\n * CVE-2021-30552: Use after free in Extensions\n * CVE-2021-30553: Use after free in Network service\n * Various fixes from internal audits, fuzzing and other initiatives\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-881=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-16T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553"], "modified": "2021-06-16T00:00:00", "id": "OPENSUSE-SU-2021:0881-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JKDHVVJH6V5YXSGWD7GDW62DQXQ22Y5E/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-08T04:09:03", "description": "An update that fixes four vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 91.0.4472.114 (boo#1187481)\n\n * CVE-2021-30554: Use after free in WebGL\n * CVE-2021-30555: Use after free in Sharing\n * CVE-2021-30556: Use after free in WebAudio\n * CVE-2021-30557: Use after free in TabGroups\n\n Chromium 91.0.4472.106\n\n * Fix use-after-free in SendTabToSelfSubMenuModel\n * Destroy system-token NSSCertDatabase on the IO thread\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-898=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-21T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2021-06-21T00:00:00", "id": "OPENSUSE-SU-2021:0898-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JRQS6E56EGURN6VSX6LRCTP5WHICGNXR/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "chrome": [{"lastseen": "2021-12-30T22:31:19", "description": "The Stable channel has been updated to 90.0.4430.212 for Windows, Mac and Linux which will roll out over the coming days/weeks.\n\n\nA full list of changes in this build is available in the [log](<https://chromium.googlesource.com/chromium/src/+log/90.0.4430.93..90.0.4430.212?pretty=fuller&n=10000>). Interested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\n\n\n\nSecurity Fixes and Rewards\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\n\n\n\nThis update includes [19](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call%2Cchrome+label%3ARelease-3-M90>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n\n\n\n[$3000][[1180126](<https://crbug.com/1180126>)] High CVE-2021-30506: Incorrect security UI in Web App Installs. Reported by @retsew0x01 on 2021-02-19\n\n[$NA][[1178202](<https://crbug.com/1178202>)] High CVE-2021-30507: Inappropriate implementation in Offline. Reported by Alison Huffman, Microsoft Browser Vulnerability Research on 2021-02-14\n\n[$TBD][[1195340](<https://crbug.com/1195340>)] High CVE-2021-30508: Heap buffer overflow in Media Feeds. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-04-02\n\n[$TBD][[1196309](<https://crbug.com/1196309>)] High CVE-2021-30509: Out of bounds write in Tab Strip. Reported by David Erceg on 2021-04-06\n\n[$TBD][[1197436](<https://crbug.com/1197436>)] High CVE-2021-30510: Race in Aura. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-04-09\n\n[$TBD][[1197875](<https://crbug.com/1197875>)] High CVE-2021-30511: Out of bounds read in Tab Groups. Reported by David Erceg on 2021-04-10\n\n[$TBD][[1200019](<https://crbug.com/1200019>)] High CVE-2021-30512: Use after free in Notifications. Reported by ZhanJia Song on 2021-04-17\n\n[$NA][[1200490](<https://crbug.com/1200490>)] High CVE-2021-30513: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2021-04-19\n\n[$TBD][[1200766](<https://crbug.com/1200766>)] High CVE-2021-30514: Use after free in Autofill. Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-04-20\n\n[$TBD][[1201073](<https://crbug.com/1201073>)] High CVE-2021-30515: Use after free in File API. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-04-21\n\n[$TBD][[1201446](<https://crbug.com/1201446>)] High CVE-2021-30516: Heap buffer overflow in History. Reported by ZhanJia Song on 2021-04-22\n\n[$TBD][[1203122](<https://crbug.com/1203122>)] High CVE-2021-30517: Type Confusion in V8. Reported by laural on 2021-04-27\n\n[$NA][[1203590](<https://crbug.com/1203590>)] High CVE-2021-30518: Heap buffer overflow in Reader Mode. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2021-04-28\n\n[$15000][[1194058](<https://crbug.com/1194058>)] Medium CVE-2021-30519: Use after free in Payments. Reported by asnine on 2021-03-30\n\n[$10000][[1193362](<https://crbug.com/1193362>)] Medium CVE-2021-30520: Use after free in Tab Strip. Reported by Khalil Zhani on 2021-04-03\n\n\n\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. \n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[1207457](<https://crbug.com/1207457>)] Various fixes from internal audits, fuzzing and other initiatives\n\n\n\n\nMany of our security bugs are detected using [AddressSanitizer](<https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [UndefinedBehaviorSanitizer](<https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>), or [AFL](<https://github.com/google/afl>).\n\n\n\n\n\n\n\n\n\n\nSrinivas Sista\n\nGoogle Chrome", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-10T00:00:00", "type": "chrome", "title": "Stable Channel Update for Desktop", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520"], "modified": "2021-05-10T00:00:00", "id": "GCSA-8595288209200495327", "href": "https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-30T22:31:16", "description": "The Chrome team is delighted to announce the promotion of Chrome 91 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.\n\n\n\n\n\nChrome 91.0.4472.77 contains a number of fixes and improvements -- a list of changes is available in the[ log](<https://chromium.googlesource.com/chromium/src/+log/90.0.4430.212..91.0.4472.77?pretty=fuller&n=10000>). Watch out for upcoming[ Chrome](<https://chrome.blogspot.com/>) and[ Chromium](<https://blog.chromium.org/>) blog posts about new features and big efforts delivered in 91.\n\n\n\n\nSecurity Fixes and Rewards\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\n\n\n\nThis update includes [34](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call%2Cchrome+label%3ARelease-0-M91>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n\n\n\n[$20000][[120872\u00e7](<https://crbug.com/1208721>)] High CVE-2021-30521: Heap buffer overflow in Autofill. Reported by ZhanJia Song on 2021-05-13\n\n[$7500][[1176218](<https://crbug.com/1176218>)] High CVE-2021-30522: Use after free in WebAudio. Reported by Piotr Bania of Cisco Talos on 2021-02-09\n\n[$7500][[1187797](<https://crbug.com/1187797>)] High CVE-2021-30523: Use after free in WebRTC. Reported by Tolyan Korniltsev on 2021-03-13\n\n[$TBD][[1197146](<https://crbug.com/1197146>)] High CVE-2021-30524: Use after free in TabStrip. Reported by David Erceg on 2021-04-08\n\n[$TBD][[1197888](<https://crbug.com/1197888>)] High CVE-2021-30525: Use after free in TabGroups. Reported by David Erceg on 2021-04-11\n\n[$TBD][[1198717](<https://crbug.com/1198717>)] High CVE-2021-30526: Out of bounds write in TabStrip. Reported by David Erceg on 2021-04-13\n\n[$TBD][[1199198](<https://crbug.com/1199198>)] High CVE-2021-30527: Use after free in WebUI. Reported by David Erceg on 2021-04-15\n\n[$NA][[1206329](<https://crbug.com/1206329>)] High CVE-2021-30528: Use after free in WebAuthentication. Reported by Man Yue Mo of GitHub Security Lab on 2021-05-06\n\n[$7500][[1195278](<https://crbug.com/1195278>)] Medium CVE-2021-30529: Use after free in Bookmarks. Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-04-02\n\n[$7500][[1201033](<https://crbug.com/1201033>)] Medium CVE-2021-30530: Out of bounds memory access in WebAudio. Reported by kkwon on 2021-04-21\n\n[$5000][[1115628](<https://crbug.com/1115628>)] Medium CVE-2021-30531: Insufficient policy enforcement in Content Security Policy. Reported by Philip Papurt on 2020-08-12\n\n[$5000][[1117687](<https://crbug.com/1117687>)] Medium CVE-2021-30532: Insufficient policy enforcement in Content Security Policy. Reported by Philip Papurt on 2020-08-18\n\n[$5000][[1145553](<https://crbug.com/1145553>)] Medium CVE-2021-30533: Insufficient policy enforcement in PopupBlocker. Reported by Eliya Stein on 2020-11-04\n\n[$3000][[1151507](<https://crbug.com/1151507>)] Medium CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox. Reported by Alesandro Ortiz on 2020-11-20\n\n[$1000][[1194899](<https://crbug.com/1194899>)] Medium CVE-2021-30535: Double free in ICU. Reported by nocma, leogan, cheneyxu of WeChat Open Platform Security Team on 2021-04-01\n\n[$TBD][[1184954](<https://crbug.com/1184954>)]Medium CVE-2021-30542: Use after free in Tab Strip. Reported by Khalil Zhani on 2021-03-05\n\n[$TBD][[1203607](<https://crbug.com/1203607>)] Medium CVE-2021-30543: Use after free in Tab Strip. Reported by Khalil Zhani on 2021-04-28\n\n[$NA][[916326](<https://crbug.com/916326>)] Medium CVE-2021-30558: Insufficient policy enforcement in content security policy. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2018-12-19\n\n[$15000][[1194358](<https://crbug.com/1194358>)] Low CVE-2021-30536: Out of bounds read in V8. Reported by Chris Salls (@salls) on 2021-03-31\n\n[$3000][[830101](<https://crbug.com/830101>)] Low CVE-2021-30537: Insufficient policy enforcement in cookies. Reported by Jun Kokatsu (@shhnjk) on 2018-04-06\n\n[$3000][[1115045](<https://crbug.com/1115045>)] Low CVE-2021-30538: Insufficient policy enforcement in content security policy. Reported by Tianze Ding (@D1iv3) of Tencent Security Xuanwu Lab on 2020-08-11\n\n[$1000][[971231](<https://crbug.com/971231>)] Low CVE-2021-30539: Insufficient policy enforcement in content security policy. Reported by unnamed researcher on 2019-06-05\n\n[$500][[1184147](<https://crbug.com/1184147>)] Low CVE-2021-30540: Incorrect security UI in payments. Reported by @retsew0x01 on 2021-03-03\n\n\n\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. \n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[1213064](<https://crbug.com/1213064>)] Various fixes from internal audits, fuzzing and other initiatives\n\n\n\n\nMany of our security bugs are detected using [AddressSanitizer](<https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [UndefinedBehaviorSanitizer](<https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>), or [AFL](<https://github.com/google/afl>).\n\n\n\n\nPrudhvikumar Bommana\n\nGoogle Chrome", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-25T00:00:00", "type": "chrome", "title": "Stable Channel Update for Desktop", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30521", "CVE-2021-30522", "CVE-2021-30523", "CVE-2021-30524", "CVE-2021-30525", "CVE-2021-30526", "CVE-2021-30527", "CVE-2021-30528", "CVE-2021-30529", "CVE-2021-30530", "CVE-2021-30531", "CVE-2021-30532", "CVE-2021-30533", "CVE-2021-30534", "CVE-2021-30535", "CVE-2021-30536", "CVE-2021-30537", "CVE-2021-30538", "CVE-2021-30539", "CVE-2021-30540", "CVE-2021-30542", "CVE-2021-30543", "CVE-2021-30558"], "modified": "2021-05-25T00:00:00", "id": "GCSA-7170632646642454608", "href": "https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-30T22:31:16", "description": "The Stable channel has been updated to 91.0.4472.101 for Windows, Mac and Linux which will roll out over the coming days/weeks.\n\n\nA full list of changes in this build is available in the [log](<https://chromium.googlesource.com/chromium/src/+log/91.0.4472.77..91.0.4472.101?pretty=fuller&n=10000>). Interested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\n\n\n\nSecurity Fixes and Rewards\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\n\n\n\nThis update includes [14](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call%2Cchrome+label%3ARelease-1-M91>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n\n\n\n[$25000][[1212618](<https://crbug.com/1212618>)] Critical CVE-2021-30544: Use after free in BFCache. Reported by Rong Jian and Guang Gong of 360 Alpha Lab on 2021-05-24\n\n[$20000][[1201031](<https://crbug.com/1201031>)] High CVE-2021-30545: Use after free in Extensions. Reported by kkwon with everpall and kkomdal on 2021-04-21\n\n[$NA][[1206911](<https://crbug.com/1206911>)] High CVE-2021-30546: Use after free in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-05-08\n\n[$TBD][[1210414](<https://crbug.com/1210414>)] High CVE-2021-30547: Out of bounds write in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2021-05-18\n\n[$TBD][[1210487](<https://crbug.com/1210487>)] High CVE-2021-30548: Use after free in Loader. Reported by Yangkang(@dnpushme) & Wanglu of Qihoo360 Qex Team on 2021-05-18\n\n[$TBD][[1212498](<https://crbug.com/1212498>)] High CVE-2021-30549: Use after free in Spell check. Reported by David Erceg on 2021-05-23\n\n[$TBD][[1212500](<https://crbug.com/1212500>)] High CVE-2021-30550: Use after free in Accessibility. Reported by David Erceg on 2021-05-23\n\n[$NA][[1216437](<https://crbug.com/1216437>)] High CVE-2021-30551: Type Confusion in V8. Reported by Clement Lecigne of Google's Threat Analysis Group and Sergei Glazunov of Google Project Zero on 2021-06-04\n\n[$TBD][[1200679](<https://crbug.com/1200679>)] Medium CVE-2021-30552: Use after free in Extensions. Reported by David Erceg on 2021-04-20\n\n[$TBD][[1209769](<https://crbug.com/1209769>)] Medium CVE-2021-30553: Use after free in Network service. Reported by Anonymous on 2021-05-17\n\n\n\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.\n\n\n\n\nGoogle is aware that an exploit for CVE-2021-30551 exists in the wild. \n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[1218029](<https://crbug.com/1218029>)] Various fixes from internal audits, fuzzing and other initiatives\n\n\nMany of our security bugs are detected using [AddressSanitizer](<https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [UndefinedBehaviorSanitizer](<https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>), or [AFL](<https://github.com/google/afl>).\n\n\n\n\nPrudhvikumar Bommana\n\nGoogle Chrome", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-09T00:00:00", "type": "chrome", "title": "Stable Channel Update for Desktop", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553"], "modified": "2021-06-09T00:00:00", "id": "GCSA-6244807684233791030", "href": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-30T22:31:16", "description": "The Stable channel has been updated to 91.0.4472.114 for Windows, Mac and Linux which will roll out over the coming days/weeks.\n\nA full list of changes in this build is available in the [log](<https://chromium.googlesource.com/chromium/src/+log/91.0.4472.106..91.0.4472.114?pretty=fuller&n=10000>). Interested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). The [community help forum](<https://productforums.google.com/forum/#!forum/chrome>) is also a great place to reach out for help or learn about common issues.\n\nSecurity Fixes and Rewards\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\nThis update includes [4](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call%2Cchrome+label%3ARelease-2-M91>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n** \n**\n\n[$TBD][[1219857](<https://crbug.com/1219857>)] High CVE-2021-30554: Use after free in WebGL. Reported by anonymous on 2021-06-15\n\n[$10000][[1215029](<https://crbug.com/1215029>)] High CVE-2021-30555: Use after free in Sharing. Reported by David Erceg on 2021-06-01\n\n[$7500][[1212599](<https://crbug.com/1212599>)] High CVE-2021-30556: Use after free in WebAudio. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-24\n\n[$10000][[1202102](<https://crbug.com/1202102>)] High CVE-2021-30557: Use after free in TabGroups. Reported by David Erceg on 2021-04-23\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.\n\nGoogle is aware that an exploit for CVE-2021-30554 exists in the wild.\n\nMany of our security bugs are detected using [AddressSanitizer](<https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [UndefinedBehaviorSanitizer](<https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>), or [AFL](<https://github.com/google/afl>).\n\n\n\n\n\n\n\n\nSrinivas Sista\n\nGoogle Chrome", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-17T00:00:00", "type": "chrome", "title": "Stable Channel Update for Desktop", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2021-06-17T00:00:00", "id": "GCSA-8794598538337601472", "href": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2023-02-08T15:46:25", "description": "### *Detect date*:\n05/26/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, spoof user interface, bypass security restrictions.\n\n### *Affected products*:\nOpera earlier than 76.0.4017.154\n\n### *Solution*:\nUpdate to the latest version \n[Download Opera](<https://www.opera.com>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html>) \n[Changelog for Opera 76](<https://blogs.opera.com/desktop/changelog-for-76/#b4017.154>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Opera](<https://threats.kaspersky.com/en/product/Opera/>)\n\n### *CVE-IDS*:\n[CVE-2021-30507](<https://vulners.com/cve/CVE-2021-30507>)6.8High \n[CVE-2021-30516](<https://vulners.com/cve/CVE-2021-30516>)6.8High \n[CVE-2021-30519](<https://vulners.com/cve/CVE-2021-30519>)6.8High \n[CVE-2021-30515](<https://vulners.com/cve/CVE-2021-30515>)6.8High \n[CVE-2021-30506](<https://vulners.com/cve/CVE-2021-30506>)6.8High \n[CVE-2021-30514](<https://vulners.com/cve/CVE-2021-30514>)6.8High \n[CVE-2021-30517](<https://vulners.com/cve/CVE-2021-30517>)6.8High \n[CVE-2021-30513](<https://vulners.com/cve/CVE-2021-30513>)6.8High \n[CVE-2021-30518](<https://vulners.com/cve/CVE-2021-30518>)6.8High \n[CVE-2021-30509](<https://vulners.com/cve/CVE-2021-30509>)6.8High \n[CVE-2021-30508](<https://vulners.com/cve/CVE-2021-30508>)6.8High \n[CVE-2021-30512](<https://vulners.com/cve/CVE-2021-30512>)6.8High \n[CVE-2021-30520](<https://vulners.com/cve/CVE-2021-30520>)6.8High \n[CVE-2021-30510](<https://vulners.com/cve/CVE-2021-30510>)6.8High \n[CVE-2021-30511](<https://vulners.com/cve/CVE-2021-30511>)5.8High\n\n### *KB list*:\n[5003695](<http://support.microsoft.com/kb/5003695>) \n[5003636](<http://support.microsoft.com/kb/5003636>) \n[5003661](<http://support.microsoft.com/kb/5003661>) \n[5003667](<http://support.microsoft.com/kb/5003667>) \n[5003694](<http://support.microsoft.com/kb/5003694>)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-26T00:00:00", "type": "kaspersky", "title": "KLA12188 Multiple vulnerabilities in Opera", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520"], "modified": "2021-06-22T00:00:00", "id": "KLA12188", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12188/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-28T17:35:26", "description": "### *Detect date*:\n05/13/2021\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, spoof user interface, bypass security restrictions.\n\n### *Affected products*:\nMicrosoft Edge (Chromium-based)\n\n### *Solution*:\nInstall necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option) \n[Microsoft Edge update settings](<https://support.microsoft.com/en-us/topic/microsoft-edge-update-settings-af8aaca2-1b69-4870-94fe-18822dbb7ef1>)\n\n### *Original advisories*:\n[CVE-2021-30512](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30512>) \n[CVE-2021-30517](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30517>) \n[CVE-2021-30520](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30520>) \n[CVE-2021-30518](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30518>) \n[CVE-2021-30515](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30515>) \n[CVE-2021-30506](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30506>) \n[CVE-2021-30510](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30510>) \n[CVE-2021-30511](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30511>) \n[CVE-2021-30516](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30516>) \n[CVE-2021-30509](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30509>) \n[CVE-2021-30507](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30507>) \n[CVE-2021-30519](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30519>) \n[CVE-2021-30508](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30508>) \n[CVE-2021-30514](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30514>) \n[CVE-2021-30513](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30513>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Edge](<https://threats.kaspersky.com/en/product/Microsoft-Edge/>)\n\n### *CVE-IDS*:\n[CVE-2021-30507](<https://vulners.com/cve/CVE-2021-30507>)6.8High \n[CVE-2021-30516](<https://vulners.com/cve/CVE-2021-30516>)6.8High \n[CVE-2021-30519](<https://vulners.com/cve/CVE-2021-30519>)6.8High \n[CVE-2021-30515](<https://vulners.com/cve/CVE-2021-30515>)6.8High \n[CVE-2021-30506](<https://vulners.com/cve/CVE-2021-30506>)6.8High \n[CVE-2021-30514](<https://vulners.com/cve/CVE-2021-30514>)6.8High \n[CVE-2021-30517](<https://vulners.com/cve/CVE-2021-30517>)6.8High \n[CVE-2021-30513](<https://vulners.com/cve/CVE-2021-30513>)6.8High \n[CVE-2021-30518](<https://vulners.com/cve/CVE-2021-30518>)6.8High \n[CVE-2021-30509](<https://vulners.com/cve/CVE-2021-30509>)6.8High \n[CVE-2021-30508](<https://vulners.com/cve/CVE-2021-30508>)6.8High \n[CVE-2021-30512](<https://vulners.com/cve/CVE-2021-30512>)6.8High \n[CVE-2021-30520](<https://vulners.com/cve/CVE-2021-30520>)6.8High \n[CVE-2021-30510](<https://vulners.com/cve/CVE-2021-30510>)6.8High \n[CVE-2021-30511](<https://vulners.com/cve/CVE-2021-30511>)5.8High\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-13T00:00:00", "type": "kaspersky", "title": "KLA12176 Multiple vulnerabilities in Microsoft Browser", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520"], "modified": "2023-03-28T00:00:00", "id": "KLA12176", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12176/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-08T15:46:47", "description": "### *Detect date*:\n05/10/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, spoof user interface, bypass security restrictions.\n\n### *Affected products*:\nGoogle Chrome earlier than 90.0.4430.212\n\n### *Solution*:\nUpdate to the latest version \n[Download Google Chrome](<https://www.google.com/chrome/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2021-30507](<https://vulners.com/cve/CVE-2021-30507>)6.8High \n[CVE-2021-30516](<https://vulners.com/cve/CVE-2021-30516>)6.8High \n[CVE-2021-30519](<https://vulners.com/cve/CVE-2021-30519>)6.8High \n[CVE-2021-30515](<https://vulners.com/cve/CVE-2021-30515>)6.8High \n[CVE-2021-30506](<https://vulners.com/cve/CVE-2021-30506>)6.8High \n[CVE-2021-30514](<https://vulners.com/cve/CVE-2021-30514>)6.8High \n[CVE-2021-30517](<https://vulners.com/cve/CVE-2021-30517>)6.8High \n[CVE-2021-30513](<https://vulners.com/cve/CVE-2021-30513>)6.8High \n[CVE-2021-30518](<https://vulners.com/cve/CVE-2021-30518>)6.8High \n[CVE-2021-30509](<https://vulners.com/cve/CVE-2021-30509>)6.8High \n[CVE-2021-30508](<https://vulners.com/cve/CVE-2021-30508>)6.8High \n[CVE-2021-30512](<https://vulners.com/cve/CVE-2021-30512>)6.8High \n[CVE-2021-30520](<https://vulners.com/cve/CVE-2021-30520>)6.8High \n[CVE-2021-30510](<https://vulners.com/cve/CVE-2021-30510>)6.8High \n[CVE-2021-30511](<https://vulners.com/cve/CVE-2021-30511>)5.8High", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-10T00:00:00", "type": "kaspersky", "title": "KLA12165 Multiple vulnerabilities in Google Chrome", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520"], "modified": "2021-05-11T00:00:00", "id": "KLA12165", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12165/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-28T17:35:00", "description": "### *Detect date*:\n05/27/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, execute arbitrary code, cause denial of service, obtain sensitive information, gain privileges.\n\n### *Affected products*:\nMicrosoft Edge (Chromium-based)\n\n### *Solution*:\nInstall necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option) \n[Microsoft Edge update settings](<https://support.microsoft.com/en-us/topic/microsoft-edge-update-settings-af8aaca2-1b69-4870-94fe-18822dbb7ef1>)\n\n### *Original advisories*:\n[CVE-2021-30538](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30538>) \n[CVE-2021-30534](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30534>) \n[CVE-2021-30540](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30540>) \n[CVE-2021-30523](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30523>) \n[CVE-2021-31982](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31982>) \n[CVE-2021-30535](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30535>) \n[CVE-2021-30524](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30524>) \n[CVE-2021-30537](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30537>) \n[CVE-2021-30536](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30536>) \n[CVE-2021-30521](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30521>) \n[CVE-2021-30527](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30527>) \n[CVE-2021-30539](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30539>) \n[CVE-2021-30532](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30532>) \n[CVE-2021-30522](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30522>) \n[CVE-2021-30533](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30533>) \n[CVE-2021-30525](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30525>) \n[CVE-2021-30530](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30530>) \n[CVE-2021-30526](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30526>) \n[CVE-2021-30528](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30528>) \n[CVE-2021-30531](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30531>) \n[CVE-2021-30529](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30529>) \n[CVE-2021-31937](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31937>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Edge](<https://threats.kaspersky.com/en/product/Microsoft-Edge/>)\n\n### *CVE-IDS*:\n[CVE-2021-30538](<https://vulners.com/cve/CVE-2021-30538>)4.3Warning \n[CVE-2021-30540](<https://vulners.com/cve/CVE-2021-30540>)4.3Warning \n[CVE-2021-30533](<https://vulners.com/cve/CVE-2021-30533>)4.3Warning \n[CVE-2021-30527](<https://vulners.com/cve/CVE-2021-30527>)6.8High \n[CVE-2021-30522](<https://vulners.com/cve/CVE-2021-30522>)6.8High \n[CVE-2021-30521](<https://vulners.com/cve/CVE-2021-30521>)6.8High \n[CVE-2021-30531](<https://vulners.com/cve/CVE-2021-30531>)4.3Warning \n[CVE-2021-30523](<https://vulners.com/cve/CVE-2021-30523>)6.8High \n[CVE-2021-30524](<https://vulners.com/cve/CVE-2021-30524>)6.8High \n[CVE-2021-30535](<https://vulners.com/cve/CVE-2021-30535>)6.8High \n[CVE-2021-30526](<https://vulners.com/cve/CVE-2021-30526>)6.8High \n[CVE-2021-30530](<https://vulners.com/cve/CVE-2021-30530>)6.8High \n[CVE-2021-30525](<https://vulners.com/cve/CVE-2021-30525>)6.8High \n[CVE-2021-30539](<https://vulners.com/cve/CVE-2021-30539>)5.8High \n[CVE-2021-30529](<https://vulners.com/cve/CVE-2021-30529>)6.8High \n[CVE-2021-30528](<https://vulners.com/cve/CVE-2021-30528>)6.8High \n[CVE-2021-30532](<https://vulners.com/cve/CVE-2021-30532>)4.3Warning \n[CVE-2021-30537](<https://vulners.com/cve/CVE-2021-30537>)4.3Warning \n[CVE-2021-30534](<https://vulners.com/cve/CVE-2021-30534>)4.3Warning \n[CVE-2021-30536](<https://vulners.com/cve/CVE-2021-30536>)5.8High\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-27T00:00:00", "type": "kaspersky", "title": "KLA12192 Multiple vulnerabilities in Microsoft Browser", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30521", "CVE-2021-30522", "CVE-2021-30523", "CVE-2021-30524", "CVE-2021-30525", "CVE-2021-30526", "CVE-2021-30527", "CVE-2021-30528", "CVE-2021-30529", "CVE-2021-30530", "CVE-2021-30531", "CVE-2021-30532", "CVE-2021-30533", "CVE-2021-30534", "CVE-2021-30535", "CVE-2021-30536", "CVE-2021-30537", "CVE-2021-30538", "CVE-2021-30539", "CVE-2021-30540", "CVE-2021-31937", "CVE-2021-31982"], "modified": "2023-03-28T00:00:00", "id": "KLA12192", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12192/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-08T15:46:25", "description": "### *Detect date*:\n05/25/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, execute arbitrary code, cause denial of service, obtain sensitive information.\n\n### *Affected products*:\nGoogle Chrome earlier than 91.0.4472.77\n\n### *Solution*:\nUpdate to the latest version \n[Download Google Chrome](<https://www.google.com/chrome/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2021-30538](<https://vulners.com/cve/CVE-2021-30538>)4.3Warning \n[CVE-2021-30540](<https://vulners.com/cve/CVE-2021-30540>)4.3Warning \n[CVE-2021-30533](<https://vulners.com/cve/CVE-2021-30533>)4.3Warning \n[CVE-2021-30527](<https://vulners.com/cve/CVE-2021-30527>)6.8High \n[CVE-2021-30522](<https://vulners.com/cve/CVE-2021-30522>)6.8High \n[CVE-2021-30521](<https://vulners.com/cve/CVE-2021-30521>)6.8High \n[CVE-2021-30531](<https://vulners.com/cve/CVE-2021-30531>)4.3Warning \n[CVE-2021-30523](<https://vulners.com/cve/CVE-2021-30523>)6.8High \n[CVE-2021-30524](<https://vulners.com/cve/CVE-2021-30524>)6.8High \n[CVE-2021-30535](<https://vulners.com/cve/CVE-2021-30535>)6.8High \n[CVE-2021-30526](<https://vulners.com/cve/CVE-2021-30526>)6.8High \n[CVE-2021-30530](<https://vulners.com/cve/CVE-2021-30530>)6.8High \n[CVE-2021-30525](<https://vulners.com/cve/CVE-2021-30525>)6.8High \n[CVE-2021-30539](<https://vulners.com/cve/CVE-2021-30539>)5.8High \n[CVE-2021-30529](<https://vulners.com/cve/CVE-2021-30529>)6.8High \n[CVE-2021-30528](<https://vulners.com/cve/CVE-2021-30528>)6.8High \n[CVE-2021-30532](<https://vulners.com/cve/CVE-2021-30532>)4.3Warning \n[CVE-2021-30537](<https://vulners.com/cve/CVE-2021-30537>)4.3Warning \n[CVE-2021-30534](<https://vulners.com/cve/CVE-2021-30534>)4.3Warning \n[CVE-2021-30536](<https://vulners.com/cve/CVE-2021-30536>)5.8High \n[CVE-2021-30543](<https://vulners.com/cve/CVE-2021-30543>)6.8High \n[CVE-2021-30542](<https://vulners.com/cve/CVE-2021-30542>)6.8High\n\n### *KB list*:\n[5001914](<http://support.microsoft.com/kb/5001914>) \n[5001931](<http://support.microsoft.com/kb/5001931>) \n[5001919](<http://support.microsoft.com/kb/5001919>) \n[5001917](<http://support.microsoft.com/kb/5001917>) \n[4493197](<http://support.microsoft.com/kb/4493197>) \n[5003729](<http://support.microsoft.com/kb/5003729>) \n[4464542](<http://support.microsoft.com/kb/4464542>) \n[5001920](<http://support.microsoft.com/kb/5001920>) \n[5001927](<http://support.microsoft.com/kb/5001927>) \n[5001923](<http://support.microsoft.com/kb/5001923>) \n[4493206](<http://support.microsoft.com/kb/4493206>) \n[5001918](<http://support.microsoft.com/kb/5001918>) \n[5001916](<http://support.microsoft.com/kb/5001916>) \n[5001928](<http://support.microsoft.com/kb/5001928>) \n[5001936](<http://support.microsoft.com/kb/5001936>) \n[5001925](<http://support.microsoft.com/kb/5001925>) \n[5001935](<http://support.microsoft.com/kb/5001935>) \n[4504711](<http://support.microsoft.com/kb/4504711>) \n[4484527](<http://support.microsoft.com/kb/4484527>)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-25T00:00:00", "type": "kaspersky", "title": "KLA12189 Multiple vulnerabilities in Google Chrome", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30521", "CVE-2021-30522", "CVE-2021-30523", "CVE-2021-30524", "CVE-2021-30525", "CVE-2021-30526", "CVE-2021-30527", "CVE-2021-30528", "CVE-2021-30529", "CVE-2021-30530", "CVE-2021-30531", "CVE-2021-30532", "CVE-2021-30533", "CVE-2021-30534", "CVE-2021-30535", "CVE-2021-30536", "CVE-2021-30537", "CVE-2021-30538", "CVE-2021-30539", "CVE-2021-30540", "CVE-2021-30542", "CVE-2021-30543"], "modified": "2021-07-08T00:00:00", "id": "KLA12189", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12189/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-08T15:46:12", "description": "### *Detect date*:\n06/09/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.\n\n### *Affected products*:\nGoogle Chrome earlier than 91.0.4472.101\n\n### *Solution*:\nUpdate to the latest version \n[Download Google Chrome](<https://www.google.com/chrome/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2021-30545](<https://vulners.com/cve/CVE-2021-30545>)6.8High \n[CVE-2021-30550](<https://vulners.com/cve/CVE-2021-30550>)6.8High \n[CVE-2021-30546](<https://vulners.com/cve/CVE-2021-30546>)6.8High \n[CVE-2021-30549](<https://vulners.com/cve/CVE-2021-30549>)6.8High \n[CVE-2021-30551](<https://vulners.com/cve/CVE-2021-30551>)6.8High \n[CVE-2021-30547](<https://vulners.com/cve/CVE-2021-30547>)6.8High \n[CVE-2021-30553](<https://vulners.com/cve/CVE-2021-30553>)6.8High \n[CVE-2021-30552](<https://vulners.com/cve/CVE-2021-30552>)6.8High \n[CVE-2021-30548](<https://vulners.com/cve/CVE-2021-30548>)6.8High \n[CVE-2021-30544](<https://vulners.com/cve/CVE-2021-30544>)6.8High", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-09T00:00:00", "type": "kaspersky", "title": "KLA12204 Multiple vulnerabilities in Google Chrome", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553"], "modified": "2021-06-22T00:00:00", "id": "KLA12204", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12204/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-28T17:34:37", "description": "### *Detect date*:\n06/11/2021\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code.\n\n### *Affected products*:\nMicrosoft Edge (Chromium-based)\n\n### *Solution*:\nInstall necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option) \n[Microsoft Edge update settings](<https://support.microsoft.com/en-us/topic/microsoft-edge-update-settings-af8aaca2-1b69-4870-94fe-18822dbb7ef1>)\n\n### *Original advisories*:\n[CVE-2021-30551](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30551>) \n[CVE-2021-30547](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30547>) \n[CVE-2021-30545](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30545>) \n[CVE-2021-30544](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30544>) \n[CVE-2021-30549](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30549>) \n[CVE-2021-30552](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30552>) \n[CVE-2021-30546](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30546>) \n[CVE-2021-30550](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30550>) \n[CVE-2021-30548](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30548>) \n[CVE-2021-30553](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30553>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Edge](<https://threats.kaspersky.com/en/product/Microsoft-Edge/>)\n\n### *CVE-IDS*:\n[CVE-2021-30545](<https://vulners.com/cve/CVE-2021-30545>)6.8High \n[CVE-2021-30550](<https://vulners.com/cve/CVE-2021-30550>)6.8High \n[CVE-2021-30546](<https://vulners.com/cve/CVE-2021-30546>)6.8High \n[CVE-2021-30549](<https://vulners.com/cve/CVE-2021-30549>)6.8High \n[CVE-2021-30551](<https://vulners.com/cve/CVE-2021-30551>)6.8High \n[CVE-2021-30547](<https://vulners.com/cve/CVE-2021-30547>)6.8High \n[CVE-2021-30553](<https://vulners.com/cve/CVE-2021-30553>)6.8High \n[CVE-2021-30552](<https://vulners.com/cve/CVE-2021-30552>)6.8High \n[CVE-2021-30548](<https://vulners.com/cve/CVE-2021-30548>)6.8High \n[CVE-2021-30544](<https://vulners.com/cve/CVE-2021-30544>)6.8High\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-11T00:00:00", "type": "kaspersky", "title": "KLA12205 Multiple vulnerabilities in Microsoft Browser", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553"], "modified": "2023-03-28T00:00:00", "id": "KLA12205", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12205/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-08T15:46:06", "description": "### *Detect date*:\n06/17/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code.\n\n### *Affected products*:\nOpera earlier than 77.0.4054.90\n\n### *Solution*:\nUpdate to the latest version \n[Download Opera](<https://www.opera.com>)\n\n### *Original advisories*:\n[Changelog for Opera 77](<https://blogs.opera.com/desktop/changelog-for-77/#b4054.90>) \n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Opera](<https://threats.kaspersky.com/en/product/Opera/>)\n\n### *CVE-IDS*:\n[CVE-2021-30545](<https://vulners.com/cve/CVE-2021-30545>)6.8High \n[CVE-2021-30550](<https://vulners.com/cve/CVE-2021-30550>)6.8High \n[CVE-2021-30546](<https://vulners.com/cve/CVE-2021-30546>)6.8High \n[CVE-2021-30549](<https://vulners.com/cve/CVE-2021-30549>)6.8High \n[CVE-2021-30551](<https://vulners.com/cve/CVE-2021-30551>)6.8High \n[CVE-2021-30547](<https://vulners.com/cve/CVE-2021-30547>)6.8High \n[CVE-2021-30553](<https://vulners.com/cve/CVE-2021-30553>)6.8High \n[CVE-2021-30552](<https://vulners.com/cve/CVE-2021-30552>)6.8High \n[CVE-2021-30548](<https://vulners.com/cve/CVE-2021-30548>)6.8High \n[CVE-2021-30544](<https://vulners.com/cve/CVE-2021-30544>)6.8High", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-17T00:00:00", "type": "kaspersky", "title": "KLA12209 Multiple vulnerabilities in Opera", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30544", "CVE-2021-30545", "CVE-2021-30546", "CVE-2021-30547", "CVE-2021-30548", "CVE-2021-30549", "CVE-2021-30550", "CVE-2021-30551", "CVE-2021-30552", "CVE-2021-30553"], "modified": "2021-06-22T00:00:00", "id": "KLA12209", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12209/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-28T17:34:26", "description": "### *Detect date*:\n06/18/2021\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.\n\n### *Affected products*:\nMicrosoft Edge (Chromium-based)\n\n### *Solution*:\nInstall necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option) \n[Microsoft Edge update settings](<https://support.microsoft.com/en-us/topic/microsoft-edge-update-settings-af8aaca2-1b69-4870-94fe-18822dbb7ef1>)\n\n### *Original advisories*:\n[CVE-2021-30556](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30556>) \n[CVE-2021-30555](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30555>) \n[CVE-2021-30554](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30554>) \n[CVE-2021-30557](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-30557>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Edge](<https://threats.kaspersky.com/en/product/Microsoft-Edge/>)\n\n### *CVE-IDS*:\n[CVE-2021-30556](<https://vulners.com/cve/CVE-2021-30556>)6.8High \n[CVE-2021-30555](<https://vulners.com/cve/CVE-2021-30555>)6.8High \n[CVE-2021-30554](<https://vulners.com/cve/CVE-2021-30554>)6.8High \n[CVE-2021-30557](<https://vulners.com/cve/CVE-2021-30557>)6.8High\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-18T00:00:00", "type": "kaspersky", "title": "KLA12211 Multiple vulnerabilities in Microsoft Browser", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2023-03-28T00:00:00", "id": "KLA12211", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12211/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-08T15:46:05", "description": "### *Detect date*:\n06/17/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.\n\n### *Affected products*:\nGoogle Chrome earlier than 91.0.4472.114\n\n### *Solution*:\nUpdate to the latest version \n[Download Google Chrome](<https://www.google.com/chrome/>)\n\n### *Original advisories*:\n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2021-30556](<https://vulners.com/cve/CVE-2021-30556>)6.8High \n[CVE-2021-30555](<https://vulners.com/cve/CVE-2021-30555>)6.8High \n[CVE-2021-30554](<https://vulners.com/cve/CVE-2021-30554>)6.8High \n[CVE-2021-30557](<https://vulners.com/cve/CVE-2021-30557>)6.8High", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-17T00:00:00", "type": "kaspersky", "title": "KLA12210 Multiple vulnerabilities in Google Chrome", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2021-06-22T00:00:00", "id": "KLA12210", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12210/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-08T15:45:57", "description": "### *Detect date*:\n04/12/2021\n\n### *Severity*:\nWarning\n\n### *Description*:\nMultiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.\n\n### *Affected products*:\nOpera earlier than 77.0.4054.146\n\n### *Solution*:\nUpdate to the latest version \n[Download Opera](<https://www.opera.com>)\n\n### *Original advisories*:\n[Changelog for Opera 77](<https://blogs.opera.com/desktop/changelog-for-77/#b4054.146>) \n[Stable Channel Update for Desktop](<https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Opera](<https://threats.kaspersky.com/en/product/Opera/>)\n\n### *CVE-IDS*:\n[CVE-2021-30556](<https://vulners.com/cve/CVE-2021-30556>)6.8High \n[CVE-2021-30555](<https://vulners.com/cve/CVE-2021-30555>)6.8High \n[CVE-2021-30554](<https://vulners.com/cve/CVE-2021-30554>)6.8High \n[CVE-2021-30557](<https://vulners.com/cve/CVE-2021-30557>)6.8High", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-04-12T00:00:00", "type": "kaspersky", "title": "KLA12215 Multiple vulnerabilities in Opera", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30554", "CVE-2021-30555", "CVE-2021-30556", "CVE-2021-30557"], "modified": "2021-07-27T00:00:00", "id": "KLA12215", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12215/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2022-08-03T14:31:37", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4917-1 security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nMay 17, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2021-30506 CVE-2021-30507 CVE-2021-30508 CVE-2021-30509\n CVE-2021-30510 CVE-2021-30511 CVE-2021-30512 CVE-2021-30513\n CVE-2021-30514 CVE-2021-30515 CVE-2021-30516 CVE-2021-30517\n CVE-2021-30518 CVE-2021-30519 CVE-2021-30520\n\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2021-30506\n\n @retsew0x01 discovered an error in the Web App installation interface.\n\nCVE-2021-30507\n\n Alison Huffman discovered an error in the Offline mode.\n\nCVE-2021-30508\n\n Leecraso and Guang Gong discovered a buffer overflow issue in the Media\n Feeds implementation.\n\nCVE-2021-30509\n\n David Erceg discovered an out-of-bounds write issue in the Tab Strip\n implementation.\n\nCVE-2021-30510\n\n Weipeng Jiang discovered a race condition in the aura window manager.\n\nCVE-2021-30511\n\n David Erceg discovered an out-of-bounds read issue in the Tab Strip\n implementation.\n\nCVE-2021-30512\n\n ZhanJia Song discovered a use-after-free issue in the notifications\n implementation.\n\nCVE-2021-30513\n\n Man Yue Mo discovered an incorrect type in the v8 javascript library.\n\nCVE-2021-30514\n\n koocola and Wang discovered a use-after-free issue in the Autofill\n feature.\n\nCVE-2021-30515\n\n Rong Jian and Guang Gong discovered a use-after-free issue in the file\n system access API.\n\nCVE-2021-30516\n\n ZhanJia Song discovered a buffer overflow issue in the browsing history.\n\nCVE-2021-30517\n\n Jun Kokatsu discovered a buffer overflow issue in the reader mode.\n\nCVE-2021-30518\n\n laural discovered use of an incorrect type in the v8 javascript library.\n\nCVE-2021-30519\n\n asnine discovered a use-after-free issue in the Payments feature.\n\nCVE-2021-30520\n\n Khalil Zhani discovered a use-after-free issue in the Tab Strip\n implementation.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 90.0.4430.212-1~deb10u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-18T02:48:55", "type": "debian", "title": "[SECURITY] [DSA 4917-1] chromium security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520"], "modified": "2021-05-18T02:48:55", "id": "DEBIAN:DSA-4917-1:75B06", "href": "https://lists.debian.org/debian-security-announce/2021/msg00098.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T18:14:26", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4917-1 security@debian.org\nhttps://www.debian.org/security/ Michael Gilbert\nMay 17, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2021-30506 CVE-2021-30507 CVE-2021-30508 CVE-2021-30509\n CVE-2021-30510 CVE-2021-30511 CVE-2021-30512 CVE-2021-30513\n CVE-2021-30514 CVE-2021-30515 CVE-2021-30516 CVE-2021-30517\n CVE-2021-30518 CVE-2021-30519 CVE-2021-30520\n\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\nCVE-2021-30506\n\n @retsew0x01 discovered an error in the Web App installation interface.\n\nCVE-2021-30507\n\n Alison Huffman discovered an error in the Offline mode.\n\nCVE-2021-30508\n\n Leecraso and Guang Gong discovered a buffer overflow issue in the Media\n Feeds implementation.\n\nCVE-2021-30509\n\n David Erceg discovered an out-of-bounds write issue in the Tab Strip\n implementation.\n\nCVE-2021-30510\n\n Weipeng Jiang discovered a race condition in the aura window manager.\n\nCVE-2021-30511\n\n David Erceg discovered an out-of-bounds read issue in the Tab Strip\n implementation.\n\nCVE-2021-30512\n\n ZhanJia Song discovered a use-after-free issue in the notifications\n implementation.\n\nCVE-2021-30513\n\n Man Yue Mo discovered an incorrect type in the v8 javascript library.\n\nCVE-2021-30514\n\n koocola and Wang discovered a use-after-free issue in the Autofill\n feature.\n\nCVE-2021-30515\n\n Rong Jian and Guang Gong discovered a use-after-free issue in the file\n system access API.\n\nCVE-2021-30516\n\n ZhanJia Song discovered a buffer overflow issue in the browsing history.\n\nCVE-2021-30517\n\n Jun Kokatsu discovered a buffer overflow issue in the reader mode.\n\nCVE-2021-30518\n\n laural discovered use of an incorrect type in the v8 javascript library.\n\nCVE-2021-30519\n\n asnine discovered a use-after-free issue in the Payments feature.\n\nCVE-2021-30520\n\n Khalil Zhani discovered a use-after-free issue in the Tab Strip\n implementation.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 90.0.4430.212-1~deb10u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-18T02:48:55", "type": "debian", "title": "[SECURITY] [DSA 4917-1] chromium security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30506", "CVE-2021-30507", "CVE-2021-30508", "CVE-2021-30509", "CVE-2021-30510", "CVE-2021-30511", "CVE-2021-30512", "CVE-2021-30513", "CVE-2021-30514", "CVE-2021-30515", "CVE-2021-30516", "CVE-2021-30517", "CVE-2021-30518", "CVE-2021-30519", "CVE-2021-30520"], "modified": "2021-05-18T02:48:55", "id": "DEBIAN:DSA-4917-1:C4284", "href": "https://lists.debian.org/debian-security-announce/2021/msg00098.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-07-21T08:22:18", "description": "\nSeveral vulnerabilities have been discovered in the chromium web browser.\n\n\n* [CVE-2021-30506](https://security-tracker.debian.org/tracker/CVE-2021-30506)\n@retsew0x01 discovered an error in the Web App installation interface.\n* [CVE-2021-30507](https://security-tracker.debian.org/tracker/CVE-2021-30507)\nAlison Huffman discovered an error in the Offline mode.\n* [CVE-2021-30508](https://security-tracker.debian.org/tracker/CVE-2021-30508)\nLeecraso and Guang Gong discovered a buffer overflow issue in the Media\n Feeds implementation.\n* [CVE-2021-30509](https://security-tracker.debian.org/tracker/CVE-2021-30509)\nDavid Erceg discovered an out-of-bounds write issue in the Tab Strip\n implementation.\n* [CVE-2021-30510](https://security-tracker.debian.org/tracker/CVE-2021-30510)\nWeipeng Jiang discovered a race condition in the aura window manager.\n* [CVE-2021-30511](https://security-tracker.debian.org/tracker/CVE-2021-30511)\nDavid Erceg discovered an out-of-bounds read issue in the Tab Strip\n implementation.\n* [CVE-2021-30512](https://security-tracker.debian.org/tracker/CVE-2021-30512)\nZhanJia Song discovered a use-after-free issue in the notifications\n implementation.\n* [CVE-2021-30513](https://security-tracker.debian.org/tracker/CVE-2021-30513)\nMan Yue Mo discovered an incorrect type in the v8 javascript library.\n* [CVE-2021-30514](https://security-tracker.debian.org/tracker/CVE-2021-30514)\nkoocola and Wang discovered a use-after-free issue in the Autofill\n feature.\n* [CVE-2021-30515](https://security-tracker.debian.org/tracker/CVE-2021-30515)\nRong Jian and Guang Gong discovered a use-after-free issue in the file\n system access API.\n* [CVE-2021-30516](https://security-tracker.debian.org/tracker/CVE-2021-30516)\nZhanJia Song discovered a buffer overflow issue in the browsing history.\n* [CVE-2021-30517](https://security-tracker.debian.org/tracker/CVE-2021-30517)\nJun Kokatsu discovered a buffer overflow issue in the reader mode.\n* [CVE-2021-30518](https://security-tracker.debian.org/tracker/CVE-2021-30518)\nlaural discovered use of an incorrect type in the v8 javascript library.\n* [CVE-2021-30519](https://security-tracker.debian.org/tracker/CVE-2021-30519)\nasnine discovered a use-after-free issue in the Payments feature.\n* [CVE-2021-30520](https://security-tracker.debian.org/tracker/CVE-2021-30520)\nKhalil Zhani discovered a use-after-free issue in the Tab Strip\n implementation.\n\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 90.0.4430.212-1~deb10u1.\n\n\nWe recommend that you upgrade your chromium packages.\n\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/chromium](https://security-tracker.debian.org/tracker/chromium)\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-17T00:00:00", "type": "osv", "title": "chromium - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30519", "CVE-2021-30516", "CVE-2021-30513", "CVE-2021-30518", "CVE-2021-30508", "CVE-2021-30514", "CVE-2021-30506", "CVE-2021-30515", "CVE-2021-30512", "CVE-2021-30511", "CVE-2021-30517", "CVE-2021-30509", "CVE-2021-30507", "CVE-2021-30510", "CVE-2021-30520"], "modified": "2022-07-21T05:50:46", "id": "OSV:DSA-4917-1", "href": "https://osv.dev/vulnerability/DSA-4917-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "thn": [{"lastseen": "2022-05-09T12:37:56", "description": "[![Update Chrome Browser](https://thehackernews.com/images/-F1yuaWSy7gY/YMwPdaXQ2DI/AAAAAAAAC6A/mimpmywKfJIUJoPg7HuGaeY4E1nZogbKQCLcBGAsYHQ/s728-e1000/chrome-update.jpg)](<https://thehackernews.com/images/-F1yuaWSy7gY/YMwPdaXQ2DI/AAAAAAAAC6A/mimpmywKfJIUJoPg7HuGaeY4E1nZogbKQCLcBGAsYHQ/s0/chrome-update.jpg>)\n\nGoogle has rolled out yet another update to Chrome browser for Windows, Mac, and Linux to fix four security vulnerabilities, including one zero-day flaw that's being exploited in the wild.\n\nTracked as **CVE-2021-30554**, the high severity flaw concerns a [use after free vulnerability](<https://cwe.mitre.org/data/definitions/416.html>) in WebGL (aka Web Graphics Library), a JavaScript API for rendering interactive 2D and 3D graphics within the browser.\n\nSuccessful exploitation of the flaw could mean corruption of valid data, leading to a crash, and even execution of unauthorized code or commands.\n\nThe issue was reported to Google anonymously on June 15, Chrome technical program manager Srinivas Sista [noted](<https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html>), adding the company is \"aware that an exploit for CVE-2021-30554 exists in the wild.\"\n\n[![](https://thehackernews.com/images/-ZBYemfi9DNk/YMwOkeK_woI/AAAAAAAAC54/vEnl5bwj7bEa33jqkIiw-8fKTpRk0l-FQCLcBGAsYHQ/s0/hacker.jpg)](<https://thehackernews.com/images/-ZBYemfi9DNk/YMwOkeK_woI/AAAAAAAAC54/vEnl5bwj7bEa33jqkIiw-8fKTpRk0l-FQCLcBGAsYHQ/s0/hacker.jpg>)\n\nWhile it's usually the norm to limit details of the vulnerability until a majority of users are updated with the fix, the development comes less than 10 days after Google addressed another zero-day vulnerability exploited in active attacks ([CVE-2021-30551](<https://thehackernews.com/2021/06/new-chrome-0-day-bug-under-active.html>)).\n\nCVE-2021-30554 is also the eighth zero-day flaw patched by Google since the start of the year.\n\n\"I'm happy we are getting better at detecting these exploits and the great partnerships we have to get the vulnerabilities patched, but I remain concerned about how many are being discovered on an ongoing basis and the role of commercial providers,\" [tweeted](<https://twitter.com/ShaneHuntley/status/1402320073818132483>) Shane Huntley, Director of Google's Threat Analysis Group, on June 8.\n\nChrome users are recommended to update to the latest version (91.0.4472.114) by heading to Settings > Help > 'About Google Chrome' to mitigate the risk associated with the flaw.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-18T03:16:00", "type": "thn", "title": "Update\u200c \u200cYour Chrome Browser to Patch Yet Another 0-Day Exploit\u200ced \u200cin\u200c-the\u200c-Wild", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30551", "CVE-2021-30554"], "modified": "2021-06-18T03:33:11", "id": "THN:62ECC5B73032124D6559355B66E1C469", "href": "https://thehackernews.com/2021/06/update-your-chrome-browser-to-patch-yet.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "threatpost": [{"lastseen": "2021-06-10T20:47:57", "description": "Google is warning that a bug in its Chrome web browser is actively under attack, and it is urging users to upgrade to the latest 91.0.4472.101 version to mitigate the issue.\n\nIn all, Google rolled out fixes for 14 bugs impacting its Windows, Mac and Linux browsers as part of its June update [to the Chrome desktop browser](<https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html>).\n\n\u201cGoogle is aware that an exploit for CVE-2021-30551 exists in the wild,\u201d wrote Chrome technical program manager Prudhvikumar Bommana [in a Wednesday post](<https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html>). That exploit is identified as a type confusion bug within Google\u2019s V8 open-source JavaScript and WebAssembly engine. \n[![](https://media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/subscribe2.jpg)](<https://threatpost.com/newsletter-sign/>)The confusion vulnerability is tied to the browser\u2019s ActionScript Virtual Machine. \u201cUsually, when a piece of code doesn\u2019t verify the type of object that is passed to it, and uses it blindly without type-checking, it leads to type confusion,\u201d according to a [technical description of the bug](<https://www.microsoft.com/security/blog/2015/06/17/understanding-type-confusion-vulnerabilities-cve-2015-0336/#:~:text=The%20vulnerability%20is%20a%20%E2%80%9Ctype,it%20leads%20to%20type%20confusion.>).\n\n## **Possible Wider Impact of Exploited Chrome Browser Bug **\n\nThe update coincides with the release of the Android Chrome browser to Chrome 91 (91.0.4472.101), also [on Wednesday](<https://chromereleases.googleblog.com/2021/06/chrome-for-android-update_01297860997.html>). While the desktop and mobile versions of the Chrome web browser share the same version number, it is unclear if the updated Android Chrome browser is impacted by the same vulnerabilities.\n\nAlso unclear is if Microsoft\u2019s Edge browser, based on the Chromium open-source browser codebase (principally developed and maintained by Google), is also impacted.\n\nIn related news, on Tuesday, Microsoft released a patch for vulnerabilities under active attack, including [CVE-2021-33742](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33742>), impacting its Edge browser. That bug [is a remote-code execution](<https://threatpost.com/microsoft-patch-tuesday-in-the-wild-exploits/166724/>) (RCE) vulnerability within the Edge browser\u2019s MSHTML component.\n\n\u201cThe MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control,\u201d Microsoft explained.\n\n## **Critical Browser Cache Bug: CVE-2021-30544**\n\nAs part of the June Chrome update, Google patched a critical use-after-free bug (CVE-2021-30544) within the browser\u2019s optimization engine called BFCache. This browser component enables back-and-forward navigation between cached webpages within Chrome.\n\nAs customary with recently disclosed bugs, Google did not release the details tied to any of the vulnerabilities patched Wednesday. \u201cAccess to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven\u2019t yet fixed,\u201d the Google advisory stated.\n\nGoogle credits Rong Jian and Guang Gong of 360 Alpha Lab for finding the BFCache bug in May. For their bug hunting efforts, the pair earned $25,000.\n\n**Download our exclusive FREE Threatpost Insider eBook, ****_\u201c_**[**_2021: The Evolution of Ransomware_**](<https://threatpost.com/ebooks/2021-the-evolution-of-ransomware/?utm_source=April_eBook&utm_medium=ART&utm_campaign=ART>)**_,\u201d_**** to help hone your cyber-defense strategies against this growing scourge. We go beyond the status quo to uncover what\u2019s next for ransomware and the related emerging risks. Get the whole story and **[**DOWNLOAD**](<https://threatpost.com/ebooks/2021-the-evolution-of-ransomware/?utm_source=April_eBook&utm_medium=ART&utm_campaign=ART>)** the eBook now \u2013 on us!**\n", "cvss3": {}, "published": "2021-06-10T20:07:53", "type": "threatpost", "title": "Chrome Browser Bug Under Active Attack", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2015-0336", "CVE-2021-30544", "CVE-2021-30551", "CVE-2021-33742"], "modified": "2021-06-10T20:07:53", "id": "THREATPOST:DE317ED7C5E4858FE861A15F96F6BCFD", "href": "https://threatpost.com/chrome-browser-bug-under-attack/166804/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "mscve": [{"lastseen": "2023-03-17T02:34:13", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-05-27T07:00:00", "type": "mscve", "title": "Chromium: CVE-2021-30537 Insufficient policy enforcement in cookies", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30537"], "modified": "2021-05-27T07:00:00", "id": "MS:CVE-2021-30537", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-30537", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-03-17T02:34:13", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-27T07:00:00", "type": "mscve", "title": "Chromium: CVE-2021-30521 Heap buffer overflow in Autofill", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30521"], "modified": "2021-05-27T07:00:00", "id": "MS:CVE-2021-30521", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-30521", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-17T02:34:13", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-05-27T07:00:00", "type": "mscve", "title": "Chromium: CVE-2021-30538 Insufficient policy enforcement in content security policy", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30538"], "modified": "2021-05-27T07:00:00", "id": "MS:CVE-2021-30538", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-30538", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-03-17T02:34:13", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-27T07:00:00", "type": "mscve", "title": "Chromium: CVE-2021-30528 Use after free in WebAuthentication", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30528"], "modified": "2021-05-27T07:00:00", "id": "MS:CVE-2021-30528", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-30528", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-17T02:34:13", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-27T07:00:00", "type": "mscve", "title": "Chromium: CVE-2021-30529 Use after free in Bookmarks", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30529"], "modified": "2021-05-27T07:00:00", "id": "MS:CVE-2021-30529", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-30529", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-17T02:34:13", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-27T07:00:00", "type": "mscve", "title": "Chromium: CVE-2021-30527 Use after free in WebUI", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30527"], "modified": "2021-05-27T07:00:00", "id": "MS:CVE-2021-30527", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-30527", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-17T02:34:13", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-05-27T07:00:00", "type": "mscve", "title": "Chromium: CVE-2021-30532 Insufficient policy enforcement in Content Security Policy", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30532"], "modified": "2021-05-27T07:00:00", "id": "MS:CVE-2021-30532", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-30532", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-03-17T02:34:13", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-05-27T07:00:00", "type": "mscve", "title": "Chromium: CVE-2021-30540 Incorrect security UI in payments", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30540"], "modified": "2021-05-27T07:00:00", "id": "MS:CVE-2021-30540", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-30540", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-03-17T02:34:13", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.5}, "published": "2021-05-27T07:00:00", "type": "mscve", "title": "Chromium: CVE-2021-30539 Insufficient policy enforcement in content security policy", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30539"], "modified": "2021-05-27T07:00:00", "id": "MS:CVE-2021-30539", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-30539", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-03-17T02:34:13", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-27T07:00:00", "type": "mscve", "title": "Chromium: CVE-2021-30523 Use after free in WebRTC", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30523"], "modified": "2021-05-27T07:00:00", "id": "MS:CVE-2021-30523", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-30523", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-17T02:34:13", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-05-27T07:00:00", "type": "mscve", "title": "Chromium: CVE-2021-30531 Insufficient policy enforcement in Content Security Policy", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30531"], "modified": "2021-05-27T07:00:00", "id": "MS:CVE-2021-30531", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-30531", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-03-17T02:34:13", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-27T07:00:00", "type": "mscve", "title": "Chromium: CVE-2021-30530 Out of bounds memory access in WebAudio", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30530"], "modified": "2021-05-27T07:00:00", "id": "MS:CVE-2021-30530", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-30530", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-17T02:34:13", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-05-27T07:00:00", "type": "mscve", "title": "Chromium: CVE-2021-30534 Insufficient policy enforcement in iFrameSandbox", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30534"], "modified": "2021-05-27T07:00:00", "id": "MS:CVE-2021-30534", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-30534", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-03-17T02:34:13", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-27T07:00:00", "type": "mscve", "title": "Chromium: CVE-2021-30535 Double free in ICU", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30535"], "modified": "2021-05-27T07:00:00", "id": "MS:CVE-2021-30535", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-30535", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-17T02:34:13", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2021-05-27T07:00:00", "type": "mscve", "title": "Chromium: CVE-2021-30536 Out of bounds read in V8", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30536"], "modified": "2021-05-27T07:00:00", "id": "MS:CVE-2021-30536", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-30536", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-03-17T02:34:13", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-27T07:00:00", "type": "mscve", "title": "Chromium: CVE-2021-30524 Use after free in TabStrip", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30524"], "modified": "2021-05-27T07:00:00", "id": "MS:CVE-2021-30524", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-30524", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-17T02:34:07", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-11T07:00:00", "type": "mscve", "title": "Chromium: CVE-2021-30546 Use after free in Autofill", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30546"], "modified": "2021-06-11T07:00:00", "id": "MS:CVE-2021-30546", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-30546", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-17T02:34:07", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-11T07:00:00", "type": "mscve", "title": "Chromium: CVE-2021-30549 Use after free in Spell check", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30549"], "modified": "2021-06-11T07:00:00", "id": "MS:CVE-2021-30549", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-30549", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-17T02:34:07", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-11T07:00:00", "type": "mscve", "title": "Chromium: CVE-2021-30553 Use after free in Network service", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30553"], "modified": "2021-06-11T07:00:00", "id": "MS:CVE-2021-30553", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-30553", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-17T02:34:07", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-18T16:22:03", "type": "mscve", "title": "Chromium: CVE-2021-30555 Use after free in Sharing", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30555"], "modified": "2021-06-18T16:22:03", "id": "MS:CVE-2021-30555", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-30555", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-17T02:34:13", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-05-27T07:00:00", "type": "mscve", "title": "Chromium: CVE-2021-30533 Insufficient policy enforcement in PopupBlocker", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30533"], "modified": "2021-05-27T07:00:00", "id": "MS:CVE-2021-30533", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-30533", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-03-17T02:34:07", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-11T07:00:00", "type": "mscve", "title": "Chromium: CVE-2021-30545 Use after free in Extensions", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30545"], "modified": "2021-06-11T07:00:00", "id": "MS:CVE-2021-30545", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-30545", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-17T02:34:13", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2021>) for more information\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-27T07:00:00", "type": "mscve", "title": "Chromium: CVE-2021-30526 Out of bounds write in TabStrip", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30526"], "modified": "2021-05-27T07:00:00", "id": "MS:CVE-2021-30526", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-30526", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2023-02-03T13:35:57", "description": "Use after free in WebAuthentication in Google Chrome on Android prior to\n91.0.4472.77 allowed a remote attacker who had compromised the renderer\nprocess of a user who had saved a credit card in their Google account to\npotentially exploit heap corruption via a crafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-07T00:00:00", "type": "ubuntucve", "title": "CVE-2021-30528", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30528"], "modified": "2021-06-07T00:00:00", "id": "UB:CVE-2021-30528", "href": "https://ubuntu.com/security/CVE-2021-30528", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-03T13:35:54", "description": "Insufficient policy enforcement in cookies in Google Chrome prior to\n91.0.4472.77 allowed a remote attacker to bypass cookie policy via a\ncrafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-06-07T00:00:00", "type": "ubuntucve", "title": "CVE-2021-30537", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30537"], "modified": "2021-06-07T00:00:00", "id": "UB:CVE-2021-30537", "href": "https://ubuntu.com/security/CVE-2021-30537", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-03T13:35:57", "description": "Heap buffer overflow in Autofill in Google Chrome on Android prior to\n91.0.4472.77 allowed a remote attacker to perform out of bounds memory\naccess via a crafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-07T00:00:00", "type": "ubuntucve", "title": "CVE-2021-30521", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30521"], "modified": "2021-06-07T00:00:00", "id": "UB:CVE-2021-30521", "href": "https://ubuntu.com/security/CVE-2021-30521", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-03T13:35:54", "description": "Insufficient policy enforcement in content security policy in Google Chrome\nprior to 91.0.4472.77 allowed a remote attacker to bypass content security\npolicy via a crafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-06-07T00:00:00", "type": "ubuntucve", "title": "CVE-2021-30538", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30538"], "modified": "2021-06-07T00:00:00", "id": "UB:CVE-2021-30538", "href": "https://ubuntu.com/security/CVE-2021-30538", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-03T13:35:56", "description": "Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed an\nattacker who convinced a user to install a malicious extension to\npotentially exploit heap corruption via a crafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-07T00:00:00", "type": "ubuntucve", "title": "CVE-2021-30527", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30527"], "modified": "2021-06-07T00:00:00", "id": "UB:CVE-2021-30527", "href": "https://ubuntu.com/security/CVE-2021-30527", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-03T13:35:57", "description": "Use after free in Bookmarks in Google Chrome prior to 91.0.4472.77 allowed\nan attacker who convinced a user to install a malicious extension to\npotentially exploit heap corruption via a crafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-07T00:00:00", "type": "ubuntucve", "title": "CVE-2021-30529", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30529"], "modified": "2021-06-07T00:00:00", "id": "UB:CVE-2021-30529", "href": "https://ubuntu.com/security/CVE-2021-30529", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-03T13:35:55", "description": "Insufficient policy enforcement in Content Security Policy in Google Chrome\nprior to 91.0.4472.77 allowed a remote attacker to bypass content security\npolicy via a crafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-06-07T00:00:00", "type": "ubuntucve", "title": "CVE-2021-30532", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30532"], "modified": "2021-06-07T00:00:00", "id": "UB:CVE-2021-30532", "href": "https://ubuntu.com/security/CVE-2021-30532", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-03T13:35:53", "description": "Incorrect security UI in payments in Google Chrome on Android prior to\n91.0.4472.77 allowed a remote attacker to perform domain spoofing via a\ncrafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-06-07T00:00:00", "type": "ubuntucve", "title": "CVE-2021-30540", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30540"], "modified": "2021-06-07T00:00:00", "id": "UB:CVE-2021-30540", "href": "https://ubuntu.com/security/CVE-2021-30540", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-03T13:35:57", "description": "Insufficient policy enforcement in Content Security Policy in Google Chrome\nprior to 91.0.4472.77 allowed a remote attacker to bypass content security\npolicy via a crafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-06-07T00:00:00", "type": "ubuntucve", "title": "CVE-2021-30531", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30531"], "modified": "2021-06-07T00:00:00", "id": "UB:CVE-2021-30531", "href": "https://ubuntu.com/security/CVE-2021-30531", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-03T13:35:55", "description": "Insufficient policy enforcement in content security policy in Google Chrome\nprior to 91.0.4472.77 allowed a remote attacker to bypass content security\npolicy via a crafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.5}, "published": "2021-06-07T00:00:00", "type": "ubuntucve", "title": "CVE-2021-30539", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30539"], "modified": "2021-06-07T00:00:00", "id": "UB:CVE-2021-30539", "href": "https://ubuntu.com/security/CVE-2021-30539", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-03T13:35:58", "description": "Use after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowed a\nremote attacker to potentially exploit heap corruption via a crafted SCTP\npacket.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-07T00:00:00", "type": "ubuntucve", "title": "CVE-2021-30523", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30523"], "modified": "2021-06-07T00:00:00", "id": "UB:CVE-2021-30523", "href": "https://ubuntu.com/security/CVE-2021-30523", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-03T13:35:56", "description": "Out of bounds memory access in WebAudio in Google Chrome prior to\n91.0.4472.77 allowed a remote attacker to perform out of bounds memory\naccess via a crafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-07T00:00:00", "type": "ubuntucve", "title": "CVE-2021-30530", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30530"], "modified": "2021-06-07T00:00:00", "id": "UB:CVE-2021-30530", "href": "https://ubuntu.com/security/CVE-2021-30530", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-03T13:35:55", "description": "Insufficient policy enforcement in iFrameSandbox in Google Chrome prior to\n91.0.4472.77 allowed a remote attacker to bypass navigation restrictions\nvia a crafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-06-07T00:00:00", "type": "ubuntucve", "title": "CVE-2021-30534", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30534"], "modified": "2021-06-07T00:00:00", "id": "UB:CVE-2021-30534", "href": "https://ubuntu.com/security/CVE-2021-30534", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-03T13:35:55", "description": "Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote\nattacker to potentially exploit heap corruption via a crafted HTML page.\n\n#### Bugs\n\n * <https://bugs.chromium.org/p/chromium/issues/detail?id=1194899>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap \n[rodrigo-zaiden](<https://launchpad.net/~rodrigo-zaiden>) | ICU issue was introduced in commit https://github.com/unicode-org/icu/commit/596647c0, released in version 66.1. So, trusty, xenial and bionic are not affected\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-07T00:00:00", "type": "ubuntucve", "title": "CVE-2021-30535", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30535"], "modified": "2021-06-07T00:00:00", "id": "UB:CVE-2021-30535", "href": "https://ubuntu.com/security/CVE-2021-30535", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-03T13:35:55", "description": "Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowed a\nremote attacker to potentially exploit stack corruption via a crafted HTML\npage.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2021-06-07T00:00:00", "type": "ubuntucve", "title": "CVE-2021-30536", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30536"], "modified": "2021-06-07T00:00:00", "id": "UB:CVE-2021-30536", "href": "https://ubuntu.com/security/CVE-2021-30536", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-02-03T13:35:57", "description": "Use after free in TabStrip in Google Chrome prior to 91.0.4472.77 allowed\nan attacker who convinced a user to install a malicious extension to\npotentially exploit heap corruption via a crafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-07T00:00:00", "type": "ubuntucve", "title": "CVE-2021-30524", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30524"], "modified": "2021-06-07T00:00:00", "id": "UB:CVE-2021-30524", "href": "https://ubuntu.com/security/CVE-2021-30524", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-03T13:35:36", "description": "Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed\na remote attacker to potentially exploit heap corruption via a crafted HTML\npage.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-15T00:00:00", "type": "ubuntucve", "title": "CVE-2021-30546", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30546"], "modified": "2021-06-15T00:00:00", "id": "UB:CVE-2021-30546", "href": "https://ubuntu.com/security/CVE-2021-30546", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-03T13:35:34", "description": "Use after free in Spell check in Google Chrome prior to 91.0.4472.101\nallowed an attacker who convinced a user to install a malicious extension\nto potentially exploit heap corruption via a crafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-15T00:00:00", "type": "ubuntucve", "title": "CVE-2021-30549", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30549"], "modified": "2021-06-15T00:00:00", "id": "UB:CVE-2021-30549", "href": "https://ubuntu.com/security/CVE-2021-30549", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-03T13:35:12", "description": "Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed\nan attacker who convinced a user to install a malicious extension to\npotentially exploit heap corruption via a crafted HTML page and user\ngesture.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-02T00:00:00", "type": "ubuntucve", "title": "CVE-2021-30555", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30555"], "modified": "2021-07-02T00:00:00", "id": "UB:CVE-2021-30555", "href": "https://ubuntu.com/security/CVE-2021-30555", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-03T13:35:33", "description": "Use after free in Network service in Google Chrome prior to 91.0.4472.101\nallowed a remote attacker to potentially exploit heap corruption via a\ncrafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-15T00:00:00", "type": "ubuntucve", "title": "CVE-2021-30553", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30553"], "modified": "2021-06-15T00:00:00", "id": "UB:CVE-2021-30553", "href": "https://ubuntu.com/security/CVE-2021-30553", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-03T13:35:37", "description": "Use after free in Extensions in Google Chrome prior to 91.0.4472.101\nallowed a remote attacker who had compromised the renderer process to\npotentially exploit heap corruption via a crafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-15T00:00:00", "type": "ubuntucve", "title": "CVE-2021-30545", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30545"], "modified": "2021-06-15T00:00:00", "id": "UB:CVE-2021-30545", "href": "https://ubuntu.com/security/CVE-2021-30545", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-03T13:35:55", "description": "Insufficient policy enforcement in PopupBlocker in Google Chrome prior to\n91.0.4472.77 allowed a remote attacker to bypass navigation restrictions\nvia a crafted iframe.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-06-07T00:00:00", "type": "ubuntucve", "title": "CVE-2021-30533", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30533"], "modified": "2021-06-07T00:00:00", "id": "UB:CVE-2021-30533", "href": "https://ubuntu.com/security/CVE-2021-30533", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-03T13:35:56", "description": "Out of bounds write in TabStrip in Google Chrome prior to 91.0.4472.77\nallowed an attacker who convinced a user to install a malicious extension\nto perform an out of bounds memory write via a crafted HTML page.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | The Debian chromium source package is called chromium-browser in Ubuntu \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-07T00:00:00", "type": "ubuntucve", "title": "CVE-2021-30526", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30526"], "modified": "2021-06-07T00:00:00", "id": "UB:CVE-2021-30526", "href": "https://ubuntu.com/security/CVE-2021-30526", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-02-09T14:19:02", "description": "Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-06-07T20:15:00", "type": "cve", "title": "CVE-2021-30538", "cwe": ["CWE-863"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30538"], "modified": "2021-12-01T21:20:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:34"], "id": "CVE-2021-30538", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30538", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:19:01", "description": "Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their Google account to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-07T20:15:00", "type": "cve", "title": "CVE-2021-30528", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30528"], "modified": "2021-12-01T20:29:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:34"], "id": "CVE-2021-30528", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30528", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:19:02", "description": "Insufficient policy enforcement in cookies in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass cookie policy via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-06-07T20:15:00", "type": "cve", "title": "CVE-2021-30537", "cwe": ["CWE-863"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30537"], "modified": "2021-12-01T19:08:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:34"], "id": "CVE-2021-30537", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30537", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:19:01", "description": "Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-07T20:15:00", "type": "cve", "title": "CVE-2021-30521", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30521"], "modified": "2021-12-01T20:31:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:34"], "id": "CVE-2021-30521", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30521", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:19:01", "description": "Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-07T20:15:00", "type": "cve", "title": "CVE-2021-30527", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30527"], "modified": "2021-12-01T18:36:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:34"], "id": "CVE-2021-30527", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30527", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:19:01", "description": "Use after free in Bookmarks in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-07T20:15:00", "type": "cve", "title": "CVE-2021-30529", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30529"], "modified": "2021-12-01T20:29:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:34"], "id": "CVE-2021-30529", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30529", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:19:05", "description": "Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-06-07T20:15:00", "type": "cve", "title": "CVE-2021-30532", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30532"], "modified": "2022-07-12T17:42:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:34"], "id": "CVE-2021-30532", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30532", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:19:03", "description": "Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-06-07T20:15:00", "type": "cve", "title": "CVE-2021-30540", "cwe": ["CWE-74"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30540"], "modified": "2022-07-12T17:42:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:34"], "id": "CVE-2021-30540", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30540", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:19:02", "description": "Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-06-07T20:15:00", "type": "cve", "title": "CVE-2021-30531", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30531"], "modified": "2022-07-12T17:42:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:34"], "id": "CVE-2021-30531", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30531", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:19:01", "description": "Use after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-07T20:15:00", "type": "cve", "title": "CVE-2021-30523", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30523"], "modified": "2021-12-01T18:36:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:34"], "id": "CVE-2021-30523", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30523", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:19:02", "description": "Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.5}, "published": "2021-06-07T20:15:00", "type": "cve", "title": "CVE-2021-30539", "cwe": ["CWE-863"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30539"], "modified": "2021-12-01T19:08:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:34"], "id": "CVE-2021-30539", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30539", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:19:01", "description": "Out of bounds memory access in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-07T20:15:00", "type": "cve", "title": "CVE-2021-30530", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30530"], "modified": "2021-12-01T20:45:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:34"], "id": "CVE-2021-30530", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30530", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:19:02", "description": "Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-07T20:15:00", "type": "cve", "title": "CVE-2021-30535", "cwe": ["CWE-415"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30535"], "modified": "2021-12-01T19:07:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:34"], "id": "CVE-2021-30535", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30535", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:19:02", "description": "Insufficient policy enforcement in iFrameSandbox in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-06-07T20:15:00", "type": "cve", "title": "CVE-2021-30534", "cwe": ["CWE-863"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30534"], "modified": "2021-12-01T19:03:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:34"], "id": "CVE-2021-30534", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30534", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:19:02", "description": "Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2021-06-07T20:15:00", "type": "cve", "title": "CVE-2021-30536", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30536"], "modified": "2021-12-01T21:20:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:34"], "id": "CVE-2021-30536", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30536", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:19:02", "description": "Use after free in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-07T20:15:00", "type": "cve", "title": "CVE-2021-30524", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30524"], "modified": "2021-12-01T18:36:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:34"], "id": "CVE-2021-30524", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30524", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:19:04", "description": "Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-15T22:15:00", "type": "cve", "title": "CVE-2021-30549", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30549"], "modified": "2021-09-21T16:14:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:34"], "id": "CVE-2021-30549", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30549", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:19:04", "description": "Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-15T22:15:00", "type": "cve", "title": "CVE-2021-30546", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30546"], "modified": "2021-09-20T17:02:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:34"], "id": "CVE-2021-30546", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30546", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:19:07", "description": "Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-15T22:15:00", "type": "cve", "title": "CVE-2021-30553", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30553"], "modified": "2021-09-21T16:14:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:34"], "id": "CVE-2021-30553", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30553", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:19:05", "description": "Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-02T19:15:00", "type": "cve", "title": "CVE-2021-30555", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30555"], "modified": "2021-09-20T18:55:00", "cpe": [], "id": "CVE-2021-30555", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30555", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-02-09T14:19:03", "description": "Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-15T22:15:00", "type": "cve", "title": "CVE-2021-30545", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30545"], "modified": "2021-09-20T17:02:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:34"], "id": "CVE-2021-30545", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30545", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:19:02", "description": "Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-06-07T20:15:00", "type": "cve", "title": "CVE-2021-30533", "cwe": ["CWE-863"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30533"], "modified": "2021-12-01T19:03:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:34"], "id": "CVE-2021-30533", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30533", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:19:01", "description": "Out of bounds write in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-07T20:15:00", "type": "cve", "title": "CVE-2021-30526", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30526"], "modified": "2021-12-01T18:36:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:34"], "id": "CVE-2021-30526", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30526", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2023-03-27T06:08:25", "description": "Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their Google account to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-07T20:15:00", "type": "debiancve", "title": "CVE-2021-30528", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30528"], "modified": "2021-06-07T20:15:00", "id": "DEBIANCVE:CVE-2021-30528", "href": "https://security-tracker.debian.org/tracker/CVE-2021-30528", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-27T06:08:25", "description": "Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-07T20:15:00", "type": "debiancve", "title": "CVE-2021-30521", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30521"], "modified": "2021-06-07T20:15:00", "id": "DEBIANCVE:CVE-2021-30521", "href": "https://security-tracker.debian.org/tracker/CVE-2021-30521", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-27T06:08:25", "description": "Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-06-07T20:15:00", "type": "debiancve", "title": "CVE-2021-30538", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30538"], "modified": "2021-06-07T20:15:00", "id": "DEBIANCVE:CVE-2021-30538", "href": "https://security-tracker.debian.org/tracker/CVE-2021-30538", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-03-27T06:08:25", "description": "Insufficient policy enforcement in cookies in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass cookie policy via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-06-07T20:15:00", "type": "debiancve", "title": "CVE-2021-30537", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30537"], "modified": "2021-06-07T20:15:00", "id": "DEBIANCVE:CVE-2021-30537", "href": "https://security-tracker.debian.org/tracker/CVE-2021-30537", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-03-27T06:08:25", "description": "Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-07T20:15:00", "type": "debiancve", "title": "CVE-2021-30527", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30527"], "modified": "2021-06-07T20:15:00", "id": "DEBIANCVE:CVE-2021-30527", "href": "https://security-tracker.debian.org/tracker/CVE-2021-30527", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-27T06:08:25", "description": "Use after free in Bookmarks in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-07T20:15:00", "type": "debiancve", "title": "CVE-2021-30529", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30529"], "modified": "2021-06-07T20:15:00", "id": "DEBIANCVE:CVE-2021-30529", "href": "https://security-tracker.debian.org/tracker/CVE-2021-30529", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-27T06:08:25", "description": "Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-06-07T20:15:00", "type": "debiancve", "title": "CVE-2021-30532", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30532"], "modified": "2021-06-07T20:15:00", "id": "DEBIANCVE:CVE-2021-30532", "href": "https://security-tracker.debian.org/tracker/CVE-2021-30532", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-03-27T06:08:25", "description": "Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-06-07T20:15:00", "type": "debiancve", "title": "CVE-2021-30540", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30540"], "modified": "2021-06-07T20:15:00", "id": "DEBIANCVE:CVE-2021-30540", "href": "https://security-tracker.debian.org/tracker/CVE-2021-30540", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-03-27T06:08:25", "description": "Use after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-07T20:15:00", "type": "debiancve", "title": "CVE-2021-30523", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30523"], "modified": "2021-06-07T20:15:00", "id": "DEBIANCVE:CVE-2021-30523", "href": "https://security-tracker.debian.org/tracker/CVE-2021-30523", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-27T06:08:25", "description": "Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-06-07T20:15:00", "type": "debiancve", "title": "CVE-2021-30531", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30531"], "modified": "2021-06-07T20:15:00", "id": "DEBIANCVE:CVE-2021-30531", "href": "https://security-tracker.debian.org/tracker/CVE-2021-30531", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-03-27T06:08:25", "description": "Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.5}, "published": "2021-06-07T20:15:00", "type": "debiancve", "title": "CVE-2021-30539", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30539"], "modified": "2021-06-07T20:15:00", "id": "DEBIANCVE:CVE-2021-30539", "href": "https://security-tracker.debian.org/tracker/CVE-2021-30539", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-03-27T06:08:25", "description": "Insufficient policy enforcement in iFrameSandbox in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-06-07T20:15:00", "type": "debiancve", "title": "CVE-2021-30534", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30534"], "modified": "2021-06-07T20:15:00", "id": "DEBIANCVE:CVE-2021-30534", "href": "https://security-tracker.debian.org/tracker/CVE-2021-30534", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-03-27T06:08:25", "description": "Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-07T20:15:00", "type": "debiancve", "title": "CVE-2021-30535", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30535"], "modified": "2021-06-07T20:15:00", "id": "DEBIANCVE:CVE-2021-30535", "href": "https://security-tracker.debian.org/tracker/CVE-2021-30535", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-27T06:08:25", "description": "Out of bounds memory access in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-07T20:15:00", "type": "debiancve", "title": "CVE-2021-30530", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30530"], "modified": "2021-06-07T20:15:00", "id": "DEBIANCVE:CVE-2021-30530", "href": "https://security-tracker.debian.org/tracker/CVE-2021-30530", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-27T06:08:25", "description": "Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2021-06-07T20:15:00", "type": "debiancve", "title": "CVE-2021-30536", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30536"], "modified": "2021-06-07T20:15:00", "id": "DEBIANCVE:CVE-2021-30536", "href": "https://security-tracker.debian.org/tracker/CVE-2021-30536", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-03-27T06:08:25", "description": "Use after free in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-07T20:15:00", "type": "debiancve", "title": "CVE-2021-30524", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30524"], "modified": "2021-06-07T20:15:00", "id": "DEBIANCVE:CVE-2021-30524", "href": "https://security-tracker.debian.org/tracker/CVE-2021-30524", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-27T06:08:25", "description": "Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-15T22:15:00", "type": "debiancve", "title": "CVE-2021-30546", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30546"], "modified": "2021-06-15T22:15:00", "id": "DEBIANCVE:CVE-2021-30546", "href": "https://security-tracker.debian.org/tracker/CVE-2021-30546", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-27T06:08:25", "description": "Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-15T22:15:00", "type": "debiancve", "title": "CVE-2021-30549", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30549"], "modified": "2021-06-15T22:15:00", "id": "DEBIANCVE:CVE-2021-30549", "href": "https://security-tracker.debian.org/tracker/CVE-2021-30549", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-27T06:08:25", "description": "Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-15T22:15:00", "type": "debiancve", "title": "CVE-2021-30553", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30553"], "modified": "2021-06-15T22:15:00", "id": "DEBIANCVE:CVE-2021-30553", "href": "https://security-tracker.debian.org/tracker/CVE-2021-30553", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-27T06:08:26", "description": "Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-02T19:15:00", "type": "debiancve", "title": "CVE-2021-30555", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30555"], "modified": "2021-07-02T19:15:00", "id": "DEBIANCVE:CVE-2021-30555", "href": "https://security-tracker.debian.org/tracker/CVE-2021-30555", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-27T06:08:25", "description": "Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-15T22:15:00", "type": "debiancve", "title": "CVE-2021-30545", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30545"], "modified": "2021-06-15T22:15:00", "id": "DEBIANCVE:CVE-2021-30545", "href": "https://security-tracker.debian.org/tracker/CVE-2021-30545", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-27T06:08:25", "description": "Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-06-07T20:15:00", "type": "debiancve", "title": "CVE-2021-30533", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30533"], "modified": "2021-06-07T20:15:00", "id": "DEBIANCVE:CVE-2021-30533", "href": "https://security-tracker.debian.org/tracker/CVE-2021-30533", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-03-27T06:08:25", "description": "Out of bounds write in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-06-07T20:15:00", "type": "debiancve", "title": "CVE-2021-30526", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30526"], "modified": "2021-06-07T20:15:00", "id": "DEBIANCVE:CVE-2021-30526", "href": "https://security-tracker.debian.org/tracker/CVE-2021-30526", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "veracode": [{"lastseen": "2022-07-26T13:50:19", "description": "chromium is vulnerable to arbitrary code execution. A heap-based buffer overflow in Autofill allows an attacker to execute arbitrary code on the host OS via tricking a user into visiting a malicious webpage.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-28T13:03:40", "type": "veracode", "title": "Arbitrary Code Execution", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30521"], "modified": "2021-12-01T22:11:18", "id": "VERACODE:30725", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-30725/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-26T13:50:18", "description": "chromium is vulnerable to arbitrary code execution. A use-after-free in WebAuthentication allows an attacker to execute arbitrary code on the host OS by tricking a user into visiting a malicious web page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-28T13:03:33", "type": "veracode", "title": "Arbitrary Code Execution", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30528"], "modified": "2021-12-01T22:11:13", "id": "VERACODE:30716", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-30716/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-26T16:44:11", "description": "chromium is vulnerable to remote code execution. The vulnerability exists due to a boundary error when processing untrusted HTML content in Autofill. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-05-28T13:04:03", "type": "veracode", "title": "Remote Code Execution (RCE)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30537"], "modified": "2021-12-01T22:11:10", "id": "VERACODE:30730", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-30730/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-26T16:44:14", "description": "chromium is vulnerable to remote code execution. The vulnerability exists due to a boundary error when processing untrusted HTML content in Autofill. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-05-28T13:03:57", "type": "veracode", "title": "Remote Code Execution (RCE)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30538"], "modified": "2021-12-02T00:13:09", "id": "VERACODE:30727", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-30727/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-26T13:50:15", "description": "chromium is vulnerable remote code execution. The vulnerability exists due to a use after free security issue has been found in the WebUI component of the Chromium.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-28T13:03:35", "type": "veracode", "title": "Remote Code Execution (RCE)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30527"], "modified": "2021-12-01T20:11:11", "id": "VERACODE:30718", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-30718/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-26T13:50:18", "description": "chromium is vulnerable to information disclosure. A use-after-free in Bookmarks allows an attacker to obtain confidential information by tricking a user into visiting a malicious web page.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-28T13:03:36", "type": "veracode", "title": "Information Disclosure", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30529"], "modified": "2021-12-01T22:11:13", "id": "VERACODE:30719", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-30719/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-26T16:44:14", "description": "chromium:edge has an insufficient policy enforcement in Content Security Policy.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-05-28T13:04:09", "type": "veracode", "title": "Insufficient Policy Enforcement", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30532"], "modified": "2022-07-13T12:55:45", "id": "VERACODE:30735", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-30735/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-26T16:44:11", "description": "chromium is vulnerable to remote code execution. The vulnerability exists due to a boundary error when processing untrusted HTML content in Autofill. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-05-28T13:04:15", "type": "veracode", "title": "Remote Code Execution (RCE)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30540"], "modified": "2022-07-13T12:54:33", "id": "VERACODE:30736", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-30736/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-26T13:50:14", "description": "chromium is vulnerable to denial of service. The vulnerability exists due to a use after free flaw was found in the WebRTC component of the Chromium browser.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-28T13:03:38", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30523"], "modified": "2021-12-01T20:11:13", "id": "VERACODE:30721", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-30721/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-26T16:29:55", "description": "An insufficient policy enforcement security issue has been found in the content security policy component of the Chromium browser before version 91.0.4472.77. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.5}, "published": "2021-05-28T13:03:56", "type": "veracode", "title": "Insufficient Validation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30539"], "modified": "2021-12-01T22:11:10", "id": "VERACODE:30726", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-30726/summary", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-07-26T16:44:13", "description": "chromium:edge has an insufficient policy enforcement in Content Security Policy.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-05-28T13:04:05", "type": "veracode", "title": "Insufficient Policy Enforcement", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30531"], "modified": "2022-07-13T12:53:28", "id": "VERACODE:30732", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-30732/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-26T13:50:15", "description": "chromium is vulnerable to information disclosure. The vulnerability exists due to an out of bounds memory access security issue has been found in the WebAudio component of the Chromium.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "