CVE-2021-30554
CVE-2021-30554
In short
A flaw in Chrome's WebGL feature allows attackers to corrupt memory on your computer through a specially crafted webpage. This can crash your browser or potentially run malicious code.
Technical detail
Use-after-free vulnerability in WebGL renderer (CWE-416) in Chrome versions before 91.0.4472.114. Remote attacker can trigger heap corruption by serving a crafted HTML page; requires user to visit the malicious site. Impact includes denial of service and potential code execution with browser privileges.
Summary generated and translated by AI from the official description.
Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · ChromeWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.htmlhttps://crbug.com/1219857https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54/https://security.gentoo.org/glsa/202107-06https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30554