6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.027 Low
EPSS
Percentile
90.5%
Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Recent assessments:
gwillcox-r7 at June 21, 2021 7:19pm UTC reported:
Apparently this is a UAF vulnerability in the WebGL component of Chrome that has been exploited in the wild according to <https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html>. No further details at the moment other than that its triggered via JavaScript, which makes sense given this is a UAF vulnerability. As per usual, disable JavaScript where possible using plugins like NoScript if you want to mitigate the risk of this vulnerability somewhat, however its highly recommended to just update your Chrome and Edge browsers to the latest version available.
Assessed Attacker Value: 3
Assessed Attacker Value: 3Assessed Attacker Value: 2
chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html
crbug.com/1219857
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30554
lists.fedoraproject.org/archives/list/[email protected]/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43/
lists.fedoraproject.org/archives/list/[email protected]/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54/
security.gentoo.org/glsa/202107-06
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.027 Low
EPSS
Percentile
90.5%