Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

The remote host is affected by the vulnerability described in GLSA-202107-06 (Chromium, Google Chrome: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Chromium and Google       Chrome. Please review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could execute arbitrary code, escalate privileges,       obtain sensitive information, spoof a URL or cause a Denial of Service       condition.
  Workaround :

    There is no known workaround at this time.

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:0949-1 advisory.

  - Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (CVE-2021-30544)

  - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had     compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
    (CVE-2021-30545)

  - Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30546)

  - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to     potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)

  - Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (CVE-2021-30548)

  - Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a     user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
    (CVE-2021-30549)

  - Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced     a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
    (CVE-2021-30550)

  - Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (CVE-2021-30551)

  - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a     user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
    (CVE-2021-30552)

  - Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30553)

  - Use after free in WebGL. (CVE-2021-30554)

  - Use after free in Sharing. (CVE-2021-30555)

  - Use after free in WebAudio. (CVE-2021-30556)

  - Use after free in TabGroups. (CVE-2021-30557)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:0938-1 advisory.

  - Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (CVE-2021-30544)

  - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had     compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
    (CVE-2021-30545)

  - Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30546)

  - Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to     potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)

  - Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (CVE-2021-30548)

  - Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a     user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
    (CVE-2021-30549)

  - Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced     a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
    (CVE-2021-30550)

  - Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (CVE-2021-30551)

  - Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a     user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
    (CVE-2021-30552)

  - Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (CVE-2021-30553)

  - Use after free in WebGL. (CVE-2021-30554)

  - Use after free in Sharing. (CVE-2021-30555)

  - Use after free in WebAudio. (CVE-2021-30556)

  - Use after free in TabGroups. (CVE-2021-30557)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:0898-1 advisory.

  - Use after free in WebGL. (CVE-2021-30554)

  - Use after free in Sharing. (CVE-2021-30555)

  - Use after free in WebAudio. (CVE-2021-30556)

  - Use after free in TabGroups. (CVE-2021-30557)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Chrome Releases reports :

This release includes 4 security fixes, including :

- [1219857] High CVE-2021-30554: Use after free in WebGL. Reported by anonymous on 2021-06-15

- [1215029] High CVE-2021-30555: Use after free in Sharing. Reported by David Erceg on 2021-06-01

- [1212599] High CVE-2021-30556: Use after free in WebAudio. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-24

- [1202102] High CVE-2021-30557: Use after free in TabGroups. Reported by David Erceg on 2021-04-23

The version of Microsoft Edge installed on the remote Windows host is prior to 91.0.864.54. It is, therefore, affected by multiple vulnerabilities as referenced in the June 18, 2021 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote macOS host is prior to 91.0.4472.114. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_06_stable-channel-update-for-desktop_17 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote Windows host is prior to 91.0.4472.114. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021_06_stable-channel-update-for-desktop_17 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
156995	GLSA-202107-06 : Chromium, Google Chrome: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
151278	openSUSE 15 Security Update : opera (openSUSE-SU-2021:0949-1)	Nessus	SuSE Local Security Checks	high
151198	openSUSE 15 Security Update : chromium (openSUSE-SU-2021:0938-1)	Nessus	SuSE Local Security Checks	high
151077	openSUSE 15 Security Update : chromium (openSUSE-SU-2021:0898-1)	Nessus	SuSE Local Security Checks	high
151005	FreeBSD : chromium -- multiple vulnerabilities (afdc7579-d023-11eb-bcad-3065ec8fd3ec)	Nessus	FreeBSD Local Security Checks	high
150868	Microsoft Edge (Chromium) < 91.0.864.54 Multiple Vulnerabilities	Nessus	Windows	high
150855	Google Chrome < 91.0.4472.114 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
150854	Google Chrome < 91.0.4472.114 Multiple Vulnerabilities	Nessus	Windows	high

Detections

Analytics

CVE-2021-30556

high

Tenable Plugins

high

high

high

high

high

high

high

high