CVE-2021-30550

Upstream information

CVE-2021-30550 at MITRE

Description

Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

---

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores

	National Vulnerability Database
Base Score	6.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector	Network
Access Complexity	Medium
Authentication	None
Confidentiality Impact	Partial
Integrity Impact	Partial
Availability Impact	Partial

CVSS v3 Scores

	National Vulnerability Database	SUSE
Base Score	8.8	8.8
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Access Vector	Network	Network
Access Complexity	Low	Low
Privileges Required	None	None
User Interaction	Required	Required
Scope	Unchanged	Unchanged
Confidentiality Impact	High	High
Integrity Impact	High	High
Availability Impact	High	High
CVSSv3 Version	3.1	3.1

SUSE Bugzilla entry: 1187141 [RESOLVED / FIXED]

SUSE Security Advisories:

• openSUSE-SU-2021:0881-1, published Thu Jun 17 00:39:41 2021
• openSUSE-SU-2021:0938-1, published Mon Jun 28 18:39:34 2021
• openSUSE-SU-2021:0948-1, published Thu Jul 1 15:40:36 2021
• openSUSE-SU-2021:0949-1, published Thu Jul 1 15:40:36 2021
• openSUSE-SU-2022:0110-1, published Fri Apr 8 22:41:06 2022

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Package Hub 15 SP3	chromedriver >= 91.0.4472.114-bp153.2.13.1 chromium >= 91.0.4472.114-bp153.2.13.1	Patchnames: openSUSE-2021-938
openSUSE Leap 15.2	chromedriver >= 91.0.4472.101-lp152.2.104.1 chromium >= 91.0.4472.101-lp152.2.104.1	Patchnames: openSUSE-2021-881
openSUSE Leap 15.2 NonFree	opera >= 77.0.4054.146-lp152.2.52.1	Patchnames: openSUSE-2021-949
openSUSE Leap 15.3	chromedriver >= 91.0.4472.114-bp153.2.13.1 chromium >= 91.0.4472.114-bp153.2.13.1	Patchnames: openSUSE-2021-938
openSUSE Leap 15.3 NonFree	opera >= 77.0.4054.146-lp153.2.6.1	Patchnames: openSUSE-2021-948
openSUSE Leap 15.4	chromium >= 101.0.4951.64-bp154.1.2	Patchnames: openSUSE Leap 15.4 GA chromium-101.0.4951.64-bp154.1.2
openSUSE Leap 15.4 NonFree	opera >= 85.0.4341.28-lp154.2.5.1	Patchnames: openSUSE-2022-110
openSUSE Tumbleweed	chromedriver >= 93.0.4577.82-1.1 chromium >= 93.0.4577.82-1.1	Patchnames: openSUSE Tumbleweed GA chromedriver-93.0.4577.82-1.1