CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
79.1%
Severity: High
Date : 2021-05-19
CVE-ID : CVE-2021-30506 CVE-2021-30507 CVE-2021-30508 CVE-2021-30509
CVE-2021-30510 CVE-2021-30511 CVE-2021-30512 CVE-2021-30513
CVE-2021-30514 CVE-2021-30515 CVE-2021-30516 CVE-2021-30517
CVE-2021-30518 CVE-2021-30519 CVE-2021-30520
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1936
The package chromium before version 90.0.4430.212-1 is vulnerable to
multiple issues including arbitrary code execution, content spoofing,
incorrect calculation and information disclosure.
Upgrade to 90.0.4430.212-1.
The problems have been fixed upstream in version 90.0.4430.212.
None.
An incorrect security UI security issue has been found in the Web App
Installs component of the Chromium browser before version
90.0.4430.212.
An inappropriate implementation security issue has been found in the
Offline component of the Chromium browser before version 90.0.4430.212.
A heap buffer overflow security issue has been found in the Media Feeds
component of the Chromium browser before version 90.0.4430.212.
An out of bounds write security issue has been found in the Tab Strip
component of the Chromium browser before version 90.0.4430.212.
A race condition security issue has been found in the Aura component of
the Chromium browser before version 90.0.4430.212.
An out of bounds read security issue has been found in the Tab Groups
component of the Chromium browser before version 90.0.4430.212.
A use after free security issue has been found in the Notifications
component of the Chromium browser before version 90.0.4430.212.
A type confusion security issue has been found in the V8 component of
the Chromium browser before version 90.0.4430.212.
A use after free security issue has been found in the Autofill
component of the Chromium browser before version 90.0.4430.212.
A use after free security issue has been found in the File API
component of the Chromium browser before version 90.0.4430.212.
A heap buffer overflow security issue has been found in the History
component of the Chromium browser before version 90.0.4430.212.
A type confusion security issue has been found in the V8 component of
the Chromium browser before version 90.0.4430.212.
A heap buffer overflow security issue has been found in the Reader Mode
component of the Chromium browser before version 90.0.4430.212.
A use after free security issue has been found in the Payments
component of the Chromium browser before version 90.0.4430.212.
A use after free security issue has been found in the Tab Strip
component of the Chromium browser before version 90.0.4430.212.
A remote attacker could spoof content, disclose sensitive information,
or execute arbitrary code through crafted web pages.
https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html
https://crbug.com/1180126
https://crbug.com/1178202
https://crbug.com/1195340
https://crbug.com/1196309
https://crbug.com/1197436
https://crbug.com/1197875
https://crbug.com/1200019
https://crbug.com/1200490
https://crbug.com/1200766
https://crbug.com/1201073
https://crbug.com/1201446
https://crbug.com/1203122
https://crbug.com/1203590
https://crbug.com/1194058
https://crbug.com/1193362
https://security.archlinux.org/CVE-2021-30506
https://security.archlinux.org/CVE-2021-30507
https://security.archlinux.org/CVE-2021-30508
https://security.archlinux.org/CVE-2021-30509
https://security.archlinux.org/CVE-2021-30510
https://security.archlinux.org/CVE-2021-30511
https://security.archlinux.org/CVE-2021-30512
https://security.archlinux.org/CVE-2021-30513
https://security.archlinux.org/CVE-2021-30514
https://security.archlinux.org/CVE-2021-30515
https://security.archlinux.org/CVE-2021-30516
https://security.archlinux.org/CVE-2021-30517
https://security.archlinux.org/CVE-2021-30518
https://security.archlinux.org/CVE-2021-30519
https://security.archlinux.org/CVE-2021-30520
chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html
crbug.com/1178202
crbug.com/1180126
crbug.com/1193362
crbug.com/1194058
crbug.com/1195340
crbug.com/1196309
crbug.com/1197436
crbug.com/1197875
crbug.com/1200019
crbug.com/1200490
crbug.com/1200766
crbug.com/1201073
crbug.com/1201446
crbug.com/1203122
crbug.com/1203590
security.archlinux.org/AVG-1936
security.archlinux.org/CVE-2021-30506
security.archlinux.org/CVE-2021-30507
security.archlinux.org/CVE-2021-30508
security.archlinux.org/CVE-2021-30509
security.archlinux.org/CVE-2021-30510
security.archlinux.org/CVE-2021-30511
security.archlinux.org/CVE-2021-30512
security.archlinux.org/CVE-2021-30513
security.archlinux.org/CVE-2021-30514
security.archlinux.org/CVE-2021-30515
security.archlinux.org/CVE-2021-30516
security.archlinux.org/CVE-2021-30517
security.archlinux.org/CVE-2021-30518
security.archlinux.org/CVE-2021-30519
security.archlinux.org/CVE-2021-30520
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
79.1%