8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.027 Low
EPSS
Percentile
90.4%
Chrome Releases reports:
This release contains 32 security fixes, including:
[1208721] High CVE-2021-30521: Heap buffer overflow in Autofill.
Reported by ZhanJia Song on 2021-05-13
[1176218] High CVE-2021-30522: Use after free in WebAudio.
Reported by Piotr Bania of Cisco Talos on 2021-02-09
[1187797] High CVE-2021-30523: Use after free in WebRTC.
Reported by Tolyan Korniltsev on 2021-03-13
[1197146] High CVE-2021-30524: Use after free in TabStrip.
Reported by David Erceg on 2021-04-08
[1197888] High CVE-2021-30525: Use after free in TabGroups.
Reported by David Erceg on 2021-04-11
[1198717] High CVE-2021-30526: Out of bounds write in
TabStrip. Reported by David Erceg on 2021-04-13
[1199198] High CVE-2021-30527: Use after free in WebUI.
Reported by David Erceg on 2021-04-15
[1206329] High CVE-2021-30528: Use after free in
WebAuthentication. Reported by Man Yue Mo of GitHub Security Lab on
2021-05-06
[1195278] Medium CVE-2021-30529: Use after free in Bookmarks.
Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of
360 Alpha Lab on 2021-04-02
[1201033] Medium CVE-2021-30530: Out of bounds memory access
in WebAudio. Reported by kkwon on 2021-04-21
[1115628] Medium CVE-2021-30531: Insufficient policy
enforcement in Content Security Policy. Reported by Philip Papurt on
2020-08-12
[1117687] Medium CVE-2021-30532: Insufficient policy
enforcement in Content Security Policy. Reported by Philip Papurt on
2020-08-18
[1145553] Medium CVE-2021-30533: Insufficient policy
enforcement in PopupBlocker. Reported by Eliya Stein on
2020-11-04
[1151507] Medium CVE-2021-30534: Insufficient policy
enforcement in iFrameSandbox. Reported by Alesandro Ortiz on
2020-11-20
[1194899] Medium CVE-2021-30535: Double free in ICU. Reported
by nocma, leogan, cheneyxu of WeChat Open Platform Security Team on
2021-04-01
[1145024] Medium CVE-2021-21212: Insufficient data validation
in networking. Reported by Hugo Hue and Sze Yiu Chau of the Chinese
University of Hong Kong on 2020-11-03
[1194358] Low CVE-2021-30536: Out of bounds read in V8.
Reported by Chris Salls (@salls) on 2021-03-31
[830101] Low CVE-2021-30537: Insufficient policy enforcement
in cookies. Reported by Jun Kokatsu (@shhnjk) on 2018-04-06
[1115045] Low CVE-2021-30538: Insufficient policy enforcement
in content security policy. Reported by Tianze Ding (@D1iv3) of
Tencent Security Xuanwu Lab on 2020-08-11
[971231] Low CVE-2021-30539: Insufficient policy enforcement
in content security policy. Reported by unnamed researcher on
2019-06-05
[1184147] Low CVE-2021-30540: Incorrect security UI in
payments. Reported by @retsew0x01 on 2021-03-03
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.027 Low
EPSS
Percentile
90.4%