CVE-2021-30593
Publication date 26 August 2021
Last updated 25 August 2025
Ubuntu priority
Description
Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| chromium-browser | 22.04 LTS jammy |
Not affected
|
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 92.0.4515.159-0ubuntu0.18.04.1
|
|
| 16.04 LTS xenial | Ignored end of standard support | |
| 14.04 LTS trusty | Not in release |
Notes
alexmurray
The Debian chromium source package is called chromium-browser in Ubuntu
mdeslaur
starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
8.1 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H |