CVE-2021-30633
CVE-2021-30633
In short
A memory safety flaw in Chrome's Indexed DB feature allows attackers who control the browser's renderer process to escape the security sandbox by using a specially crafted webpage. This could lead to complete system compromise.
Technical detail
Use-after-free vulnerability in Indexed DB API allows an attacker with renderer process compromise to trigger unsafe memory access and bypass sandbox isolation. Exploitation requires delivering a malicious HTML page to an already-compromised renderer context, enabling potential privilege escalation to host system.
Summary generated and translated by AI from the official description.
Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected products
Google · ChromeWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.htmlhttps://crbug.com/1247766https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30633