PT-2021-3871 · Google+3 · Google Chrome+3

Sergei Glazunov

·

Published

2021-07-27

·

Updated

2024-06-15

·

CVE-2021-30603

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 92.0.4515.159
Description The issue is caused by a data race in the WebAudio component of Google Chrome, which can be exploited by a remote attacker using a specially crafted HTML page. This could potentially lead to heap corruption. The estimated number of potentially affected devices is not specified.
Recommendations For versions prior to 92.0.4515.159, update to version 92.0.4515.159 or later to resolve the issue. As a temporary workaround, consider restricting access to WebAudio components until a patch is applied. Avoid using crafted HTML pages that could exploit the data race condition in the WebAudio component.

Exploit

Fix

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

ALT-PU-2021-2598
ALT-PU-2021-2690
ALT-PU-2021-2747
ALT-PU-2021-2987
ALT-PU-2021-3050
ALT-PU-2021-3436
ALT-PU-2021-3603
BDU:2021-04239
CVE-2021-30603
OPENSUSE-SU-2021:1172-1
OPENSUSE-SU-2021:1180-1
OPENSUSE-SU-2021:1221-1
OPENSUSE-SU-2021_1172-1
OPENSUSE-SU-2021_1221-1
OPENSUSE-SU-2022:0110-1
OPENSUSE-SU-2022_0110-1
OPENSUSE-SU-2024:10681-1
OPENSUSE-SU-2024:10977-1
OPENSUSE-SU-2024:12948-1

Affected Products

Alt Linux
Astra Linux
Google Chrome
Suse