Vulnerability-Lookup

CVE-2021-30617 (GCVE-0-2021-30617)

Vulnerability from cvelistv5 – Published: 2021-09-03 19:25 – Updated: 2024-08-03 22:40

Summary

Chromium: CVE-2021-30617 Policy bypass in Blink

Severity ?

No CVSS data available.

Assigner

Chrome

References

2 references

URL	Tags
https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_MISC
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA

Impacted products

1 product

Vendor	Product	Version
Microsoft	Microsoft Edge (Chromium-based)	Affected: unspecified

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:40:31.513Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30617"
          },
          {
            "name": "FEDORA-2021-02b301441f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Edge (Chromium-based)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Chromium: CVE-2021-30617 Policy bypass in Blink"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-24T22:08:43.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30617"
        },
        {
          "name": "FEDORA-2021-02b301441f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "chrome-cve-admin@google.com",
          "ID": "CVE-2021-30617",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Edge (Chromium-based)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Chromium: CVE-2021-30617 Policy bypass in Blink"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": ""
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30617",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30617"
            },
            {
              "name": "FEDORA-2021-02b301441f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2021-30617",
    "datePublished": "2021-09-03T19:25:53.000Z",
    "dateReserved": "2021-04-13T00:00:00.000Z",
    "dateUpdated": "2024-08-03T22:40:31.513Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-30617",
      "date": "2026-05-19",
      "epss": "0.01787",
      "percentile": "0.82954"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"93.0.961.38\", \"matchCriteriaId\": \"A8B292D6-76BC-4B8C-ABC6-3095914F8EB0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"93.0.4577.63\", \"matchCriteriaId\": \"135A239A-60C6-4BBB-A5B8-D520D3861AF8\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Chromium: CVE-2021-30617 Policy bypass in Blink\"}, {\"lang\": \"es\", \"value\": \"Chromium: CVE-2021-30617 Omisi\\u00f3n de pol\\u00edticas en Blink\"}]",
      "id": "CVE-2021-30617",
      "lastModified": "2024-11-21T06:04:18.197",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2021-09-03T20:15:07.763",
      "references": "[{\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6/\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30617\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30617\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "chrome-cve-admin@google.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-30617\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2021-09-03T20:15:07.763\",\"lastModified\":\"2024-11-21T06:04:18.197\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Chromium: CVE-2021-30617 Policy bypass in Blink\"},{\"lang\":\"es\",\"value\":\"Chromium: CVE-2021-30617 Omisi\u00f3n de pol\u00edticas en Blink\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"93.0.961.38\",\"matchCriteriaId\":\"A8B292D6-76BC-4B8C-ABC6-3095914F8EB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"93.0.4577.63\",\"matchCriteriaId\":\"135A239A-60C6-4BBB-A5B8-D520D3861AF8\"}]}]}],\"references\":[{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6/\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30617\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30617\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2021-AVI-666

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Rappel : l'éditeur mentionne uniquement les identifiants CVE des vulnérabilités découvertes par des tiers, cette liste n'est donc pas exhaustive.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Google	Chrome	Chrome versions antérieures à 93.0.4577.63

References

Title

Publication Time

Tags

Bulletin de sécurité Google du 31 août 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Chrome versions ant\u00e9rieures \u00e0 93.0.4577.63",
      "product": {
        "name": "Chrome",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-30612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30612"
    },
    {
      "name": "CVE-2021-30616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30616"
    },
    {
      "name": "CVE-2021-30621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30621"
    },
    {
      "name": "CVE-2021-30617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30617"
    },
    {
      "name": "CVE-2021-30613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30613"
    },
    {
      "name": "CVE-2021-30611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30611"
    },
    {
      "name": "CVE-2021-30618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30618"
    },
    {
      "name": "CVE-2021-30606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30606"
    },
    {
      "name": "CVE-2021-30610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30610"
    },
    {
      "name": "CVE-2021-30620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30620"
    },
    {
      "name": "CVE-2021-30607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30607"
    },
    {
      "name": "CVE-2021-30608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30608"
    },
    {
      "name": "CVE-2021-30614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30614"
    },
    {
      "name": "CVE-2021-30623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30623"
    },
    {
      "name": "CVE-2021-30622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30622"
    },
    {
      "name": "CVE-2021-30609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30609"
    },
    {
      "name": "CVE-2021-30624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30624"
    },
    {
      "name": "CVE-2021-30619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30619"
    },
    {
      "name": "CVE-2021-30615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30615"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-666",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-09-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.  \n\u003cu\u003eRappel :\u003c/u\u003e l\u0027\u00e9diteur mentionne uniquement les identifiants CVE des\nvuln\u00e9rabilit\u00e9s d\u00e9couvertes par des tiers, cette liste n\u0027est donc pas\nexhaustive.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Google du 31 ao\u00fbt 2021",
      "url": "https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop_31.html"
    }
  ]
}

CERTFR-2021-AVI-673

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Microsoft Edge (basé sur Chromium) et Microsoft Edge pour Android. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Edge	Microsoft Edge (basé sur Chromium) versions antérieures à 93.0.961.38 (à l'exclusion de la CVE-2021-26439)
	Microsoft	Edge	Microsoft Edge pour Android versions antérieures à 4.6 (pour la CVE-2021-26439)

References

Title

Publication Time

Tags

Bulletin de Sécurité Microsoft CVE-2021-30619 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-26439 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30606 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30616 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30611 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30608 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30617 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30607 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30615 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30612 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30610 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30624 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30621 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30618 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30620 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30609 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30623 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30622 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30613 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30614 du 2 septembre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge (bas\u00e9 sur Chromium) versions ant\u00e9rieures \u00e0 93.0.961.38 (\u00e0 l\u0027exclusion de la CVE-2021-26439)",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Edge pour Android versions ant\u00e9rieures \u00e0 4.6 (pour la CVE-2021-26439)",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-26439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26439"
    },
    {
      "name": "CVE-2021-30612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30612"
    },
    {
      "name": "CVE-2021-30616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30616"
    },
    {
      "name": "CVE-2021-30621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30621"
    },
    {
      "name": "CVE-2021-30617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30617"
    },
    {
      "name": "CVE-2021-30613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30613"
    },
    {
      "name": "CVE-2021-30611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30611"
    },
    {
      "name": "CVE-2021-30618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30618"
    },
    {
      "name": "CVE-2021-30606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30606"
    },
    {
      "name": "CVE-2021-30610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30610"
    },
    {
      "name": "CVE-2021-30620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30620"
    },
    {
      "name": "CVE-2021-30607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30607"
    },
    {
      "name": "CVE-2021-30608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30608"
    },
    {
      "name": "CVE-2021-30614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30614"
    },
    {
      "name": "CVE-2021-30623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30623"
    },
    {
      "name": "CVE-2021-30622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30622"
    },
    {
      "name": "CVE-2021-30609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30609"
    },
    {
      "name": "CVE-2021-30624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30624"
    },
    {
      "name": "CVE-2021-30619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30619"
    },
    {
      "name": "CVE-2021-30615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30615"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-673",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-09-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge\n(bas\u00e9 sur Chromium) et Microsoft Edge pour Android. Elles permettent \u00e0\nun attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par\nl\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30619 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30619"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-26439 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26439"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30606 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30606"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30616 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30616"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30611 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30611"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30608 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30608"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30617 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30617"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30607 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30607"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30615 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30615"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30612 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30612"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30610 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30610"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30624 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30624"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30621 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30621"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30618 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30618"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30620 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30620"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30609 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30609"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30623 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30623"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30622 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30622"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30613 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30613"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30614 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30614"
    }
  ]
}

CERTFR-2021-AVI-708

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Microsoft Edge. Elles permettent à un attaquant de provoquer une usurpation d'identité, une élévation de privilèges, une atteinte à la confidentialité des données et un contournement de la fonctionnalité de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Edge	Microsoft Edge pour Android
	Microsoft	Edge	Microsoft Edge (Chromium-based)

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 14 septembre 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge pour Android",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Edge (Chromium-based)",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-26439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26439"
    },
    {
      "name": "CVE-2021-30612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30612"
    },
    {
      "name": "CVE-2021-30616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30616"
    },
    {
      "name": "CVE-2021-30621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30621"
    },
    {
      "name": "CVE-2021-30603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30603"
    },
    {
      "name": "CVE-2021-30617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30617"
    },
    {
      "name": "CVE-2021-30613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30613"
    },
    {
      "name": "CVE-2021-30601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30601"
    },
    {
      "name": "CVE-2021-30611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30611"
    },
    {
      "name": "CVE-2021-30618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30618"
    },
    {
      "name": "CVE-2021-30606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30606"
    },
    {
      "name": "CVE-2021-38669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38669"
    },
    {
      "name": "CVE-2021-30610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30610"
    },
    {
      "name": "CVE-2021-30620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30620"
    },
    {
      "name": "CVE-2021-30607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30607"
    },
    {
      "name": "CVE-2021-30598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30598"
    },
    {
      "name": "CVE-2021-30602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30602"
    },
    {
      "name": "CVE-2021-30608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30608"
    },
    {
      "name": "CVE-2021-30599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30599"
    },
    {
      "name": "CVE-2021-30632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30632"
    },
    {
      "name": "CVE-2021-30614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30614"
    },
    {
      "name": "CVE-2021-30604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30604"
    },
    {
      "name": "CVE-2021-30623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30623"
    },
    {
      "name": "CVE-2021-30622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30622"
    },
    {
      "name": "CVE-2021-36930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36930"
    },
    {
      "name": "CVE-2021-30609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30609"
    },
    {
      "name": "CVE-2021-26436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26436"
    },
    {
      "name": "CVE-2021-30624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30624"
    },
    {
      "name": "CVE-2021-30619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30619"
    },
    {
      "name": "CVE-2021-38642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38642"
    },
    {
      "name": "CVE-2021-38641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38641"
    },
    {
      "name": "CVE-2021-30615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30615"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-708",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-09-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Edge\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une usurpation d\u0027identit\u00e9, une \u00e9l\u00e9vation de privil\u00e8ges, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la\nfonctionnalit\u00e9 de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/"
    }
  ]
}

CERTFR-2021-AVI-666

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Google	Chrome	Chrome versions antérieures à 93.0.4577.63

References

Title

Publication Time

Tags

Bulletin de sécurité Google du 31 août 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Chrome versions ant\u00e9rieures \u00e0 93.0.4577.63",
      "product": {
        "name": "Chrome",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-30612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30612"
    },
    {
      "name": "CVE-2021-30616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30616"
    },
    {
      "name": "CVE-2021-30621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30621"
    },
    {
      "name": "CVE-2021-30617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30617"
    },
    {
      "name": "CVE-2021-30613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30613"
    },
    {
      "name": "CVE-2021-30611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30611"
    },
    {
      "name": "CVE-2021-30618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30618"
    },
    {
      "name": "CVE-2021-30606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30606"
    },
    {
      "name": "CVE-2021-30610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30610"
    },
    {
      "name": "CVE-2021-30620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30620"
    },
    {
      "name": "CVE-2021-30607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30607"
    },
    {
      "name": "CVE-2021-30608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30608"
    },
    {
      "name": "CVE-2021-30614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30614"
    },
    {
      "name": "CVE-2021-30623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30623"
    },
    {
      "name": "CVE-2021-30622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30622"
    },
    {
      "name": "CVE-2021-30609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30609"
    },
    {
      "name": "CVE-2021-30624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30624"
    },
    {
      "name": "CVE-2021-30619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30619"
    },
    {
      "name": "CVE-2021-30615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30615"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-666",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-09-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.  \n\u003cu\u003eRappel :\u003c/u\u003e l\u0027\u00e9diteur mentionne uniquement les identifiants CVE des\nvuln\u00e9rabilit\u00e9s d\u00e9couvertes par des tiers, cette liste n\u0027est donc pas\nexhaustive.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Google du 31 ao\u00fbt 2021",
      "url": "https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop_31.html"
    }
  ]
}

CERTFR-2021-AVI-673

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Edge	Microsoft Edge (basé sur Chromium) versions antérieures à 93.0.961.38 (à l'exclusion de la CVE-2021-26439)
	Microsoft	Edge	Microsoft Edge pour Android versions antérieures à 4.6 (pour la CVE-2021-26439)

References

Title

Publication Time

Tags

Bulletin de Sécurité Microsoft CVE-2021-30619 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-26439 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30606 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30616 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30611 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30608 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30617 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30607 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30615 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30612 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30610 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30624 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30621 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30618 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30620 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30609 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30623 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30622 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30613 du 2 septembre 2021	None	vendor-advisory
Bulletin de Sécurité Microsoft CVE-2021-30614 du 2 septembre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge (bas\u00e9 sur Chromium) versions ant\u00e9rieures \u00e0 93.0.961.38 (\u00e0 l\u0027exclusion de la CVE-2021-26439)",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Edge pour Android versions ant\u00e9rieures \u00e0 4.6 (pour la CVE-2021-26439)",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-26439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26439"
    },
    {
      "name": "CVE-2021-30612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30612"
    },
    {
      "name": "CVE-2021-30616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30616"
    },
    {
      "name": "CVE-2021-30621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30621"
    },
    {
      "name": "CVE-2021-30617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30617"
    },
    {
      "name": "CVE-2021-30613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30613"
    },
    {
      "name": "CVE-2021-30611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30611"
    },
    {
      "name": "CVE-2021-30618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30618"
    },
    {
      "name": "CVE-2021-30606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30606"
    },
    {
      "name": "CVE-2021-30610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30610"
    },
    {
      "name": "CVE-2021-30620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30620"
    },
    {
      "name": "CVE-2021-30607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30607"
    },
    {
      "name": "CVE-2021-30608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30608"
    },
    {
      "name": "CVE-2021-30614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30614"
    },
    {
      "name": "CVE-2021-30623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30623"
    },
    {
      "name": "CVE-2021-30622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30622"
    },
    {
      "name": "CVE-2021-30609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30609"
    },
    {
      "name": "CVE-2021-30624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30624"
    },
    {
      "name": "CVE-2021-30619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30619"
    },
    {
      "name": "CVE-2021-30615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30615"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-673",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-09-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge\n(bas\u00e9 sur Chromium) et Microsoft Edge pour Android. Elles permettent \u00e0\nun attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par\nl\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30619 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30619"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-26439 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26439"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30606 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30606"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30616 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30616"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30611 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30611"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30608 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30608"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30617 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30617"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30607 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30607"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30615 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30615"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30612 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30612"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30610 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30610"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30624 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30624"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30621 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30621"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30618 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30618"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30620 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30620"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30609 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30609"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30623 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30623"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30622 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30622"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30613 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30613"
    },
    {
      "published_at": null,
      "title": "Bulletin de S\u00e9curit\u00e9 Microsoft CVE-2021-30614 du 2 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30614"
    }
  ]
}

CERTFR-2021-AVI-708

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Edge	Microsoft Edge pour Android
	Microsoft	Edge	Microsoft Edge (Chromium-based)

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 14 septembre 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge pour Android",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Edge (Chromium-based)",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-26439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26439"
    },
    {
      "name": "CVE-2021-30612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30612"
    },
    {
      "name": "CVE-2021-30616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30616"
    },
    {
      "name": "CVE-2021-30621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30621"
    },
    {
      "name": "CVE-2021-30603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30603"
    },
    {
      "name": "CVE-2021-30617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30617"
    },
    {
      "name": "CVE-2021-30613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30613"
    },
    {
      "name": "CVE-2021-30601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30601"
    },
    {
      "name": "CVE-2021-30611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30611"
    },
    {
      "name": "CVE-2021-30618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30618"
    },
    {
      "name": "CVE-2021-30606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30606"
    },
    {
      "name": "CVE-2021-38669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38669"
    },
    {
      "name": "CVE-2021-30610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30610"
    },
    {
      "name": "CVE-2021-30620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30620"
    },
    {
      "name": "CVE-2021-30607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30607"
    },
    {
      "name": "CVE-2021-30598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30598"
    },
    {
      "name": "CVE-2021-30602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30602"
    },
    {
      "name": "CVE-2021-30608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30608"
    },
    {
      "name": "CVE-2021-30599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30599"
    },
    {
      "name": "CVE-2021-30632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30632"
    },
    {
      "name": "CVE-2021-30614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30614"
    },
    {
      "name": "CVE-2021-30604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30604"
    },
    {
      "name": "CVE-2021-30623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30623"
    },
    {
      "name": "CVE-2021-30622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30622"
    },
    {
      "name": "CVE-2021-36930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36930"
    },
    {
      "name": "CVE-2021-30609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30609"
    },
    {
      "name": "CVE-2021-26436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26436"
    },
    {
      "name": "CVE-2021-30624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30624"
    },
    {
      "name": "CVE-2021-30619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30619"
    },
    {
      "name": "CVE-2021-38642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38642"
    },
    {
      "name": "CVE-2021-38641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38641"
    },
    {
      "name": "CVE-2021-30615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30615"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-708",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-09-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Edge\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une usurpation d\u0027identit\u00e9, une \u00e9l\u00e9vation de privil\u00e8ges, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la\nfonctionnalit\u00e9 de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 septembre 2021",
      "url": "https://msrc.microsoft.com/update-guide/"
    }
  ]
}

BDU:2022-00070

Vulnerability from fstec - Published: 03.09.2021

Title

Уязвимость механизма отображения веб-страниц Blink браузера Microsoft Edge, позволяющая нарушителю обойти существующую политику ограничения доступа

Description

Уязвимость механизма отображения веб-страниц Blink браузера Microsoft Edge связана с недостатками контроля доступа. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, обойти существующую политику ограничения доступа

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Vendor

Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Novell Inc., Fedora Project, Microsoft Corp, АО "НППКТ", АО «Концерн ВНИИНС»

Software Name

Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), OpenSUSE Leap, Fedora, Microsoft Edge, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)

Software Version

9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 10 (Debian GNU/Linux), 15.2 (OpenSUSE Leap), 33 (Fedora), 15.2 NonFree (OpenSUSE Leap), 34 (Fedora), 15.3 (OpenSUSE Leap), 11 (Debian GNU/Linux), 35 (Fedora), до 93.0.961.38 включительно (Microsoft Edge), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), до 2.3 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»)

Possible Mitigations

Использование рекомендаций: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30617 Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2021-30617 Для Fedora: https://lists.fedoraproject.org/archives/search?mlist=package-announce%40lists.fedoraproject.org&q=CVE-2021-30617 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2021-30617 Для Astra Linux: использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16 Для ОСОН Основа: Обновление программного обеспечения chromium до версии 94.0.4606.81+repack-1osnova1.1 Для ОС ОН «Стрелец»: Обновление программного обеспечения chromium до версии 105.0.5195.125+repack2-1~deb11u1.osnova1.strelets

Reference

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30617 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6/ https://www.cybersecurity-help.cz/vdb/SB2021083114 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.3/ https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023

CWE

CWE-284

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Novell Inc., Fedora Project, Microsoft Corp, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 10 (Debian GNU/Linux), 15.2 (OpenSUSE Leap), 33 (Fedora), 15.2 NonFree (OpenSUSE Leap), 34 (Fedora), 15.3 (OpenSUSE Leap), 11 (Debian GNU/Linux), 35 (Fedora), \u0434\u043e 93.0.961.38 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Microsoft Edge), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.3 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30617\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2021-30617\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/search?mlist=package-announce%40lists.fedoraproject.org\u0026q=CVE-2021-30617\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2021-30617\n\n\u0414\u043b\u044f Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f chromium \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 94.0.4606.81+repack-1osnova1.1\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f chromium \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 105.0.5195.125+repack2-1~deb11u1.osnova1.strelets",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "03.09.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "20.06.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "10.01.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-00070",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-30617",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), OpenSUSE Leap, Fedora, Microsoft Edge, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Novell Inc. OpenSUSE Leap 15.2 , Fedora Project Fedora 33 , Novell Inc. OpenSUSE Leap 15.2 NonFree , Fedora Project Fedora 34 , Novell Inc. OpenSUSE Leap 15.3 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , Fedora Project Fedora 35 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 Blink \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Microsoft Edge, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0431\u043e\u0439\u0442\u0438 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0443\u044e \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0443 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (CWE-284)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 Blink \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Microsoft Edge \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u0431\u043e\u0439\u0442\u0438 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0443\u044e \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0443 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30617\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6/\nhttps://www.cybersecurity-help.cz/vdb/SB2021083114\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.3/\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-284",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}

CNVD-2021-67545

Vulnerability from cnvd - Published: 2021-09-02

Title

Google Chrome Blink安全绕过漏洞（CNVD-2021-67545）

Description

Google Chrome是美国谷歌（Google）公司的一款Web浏览器。 Google Chrome Blink存在安全绕过漏洞。攻击者可利用此漏洞绕过安全限制。

Severity

高

Patch Name

Google Chrome Blink安全绕过漏洞（CNVD-2021-67545）的补丁

Patch Description

Google Chrome是美国谷歌（Google）公司的一款Web浏览器。 Google Chrome Blink存在安全绕过漏洞。攻击者可利用此漏洞绕过安全限制。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop_31.html

Reference

https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop_31.html

Impacted products

Name
Google Chrome <93.0.4577.63

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-30617",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-30617"
    }
  },
  "description": "Google Chrome\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002\n\nGoogle Chrome Blink\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop_31.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-67545",
  "openTime": "2021-09-02",
  "patchDescription": "Google Chrome\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002\r\n\r\nGoogle Chrome Blink\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google Chrome Blink\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2021-67545\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Google Chrome \u003c93.0.4577.63"
  },
  "referenceLink": "https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop_31.html",
  "serverity": "\u9ad8",
  "submitTime": "2021-09-01",
  "title": "Google Chrome Blink\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2021-67545\uff09"
}

FKIE_CVE-2021-30617

Vulnerability from fkie_nvd - Published: 2021-09-03 20:15 - Updated: 2024-11-21 06:04

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Summary

Chromium: CVE-2021-30617 Policy bypass in Blink

References

URL	Tags
chrome-cve-admin@google.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6/
chrome-cve-admin@google.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30617	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6/
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30617	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
fedoraproject	fedora	35
microsoft	edge	*
microsoft	edge_chromium	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8B292D6-76BC-4B8C-ABC6-3095914F8EB0",
              "versionEndIncluding": "93.0.961.38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "135A239A-60C6-4BBB-A5B8-D520D3861AF8",
              "versionEndIncluding": "93.0.4577.63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Chromium: CVE-2021-30617 Policy bypass in Blink"
    },
    {
      "lang": "es",
      "value": "Chromium: CVE-2021-30617 Omisi\u00f3n de pol\u00edticas en Blink"
    }
  ],
  "id": "CVE-2021-30617",
  "lastModified": "2024-11-21T06:04:18.197",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-09-03T20:15:07.763",
  "references": [
    {
      "source": "chrome-cve-admin@google.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6/"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30617"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30617"
    }
  ],
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-Q8G3-JG66-M2GF

Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-05-24 19:12

Details

Policy bypass in Blink in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to bypass site isolation via a crafted HTML page.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-30617"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-03T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Policy bypass in Blink in Google Chrome prior to 93.0.4577.63 allowed a remote attacker to bypass site isolation via a crafted HTML page.",
  "id": "GHSA-q8g3-jg66-m2gf",
  "modified": "2022-05-24T19:12:58Z",
  "published": "2022-05-24T19:12:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30617"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop_31.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1226909"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LVY4WIWTVVYKQMROJJS365TZBKEARCF"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QW4R2K5HVJ4R6XDZYOJCCFPIN2XHNS3L"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30617"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-30617 (GCVE-0-2021-30617)

Solution

Solution

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature