High severity8.8NVD Advisory· Published Aug 3, 2021· Updated Jun 17, 2026
CVE-2021-30564
CVE-2021-30564
Description
Heap buffer overflow in WebXR in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
9- osv-coords7 versionspkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/opera&distro=openSUSE%20Leap%2015.2%20NonFreepkg:rpm/opensuse/opera&distro=openSUSE%20Leap%2015.3%20NonFreepkg:rpm/opensuse/opera&distro=openSUSE%20Leap%2015.4%20NonFreepkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP3
< 91.0.4472.164-lp152.2.113.2+ 6 more
- (no CPE)range: < 91.0.4472.164-lp152.2.113.2
- (no CPE)range: < 91.0.4472.164-bp153.2.16.1
- (no CPE)range: < 93.0.4577.82-1.1
- (no CPE)range: < 77.0.4054.277-lp152.2.55.1
- (no CPE)range: < 77.0.4054.277-lp153.2.9.1
- (no CPE)range: < 85.0.4341.28-lp154.2.5.1
- (no CPE)range: < 91.0.4472.164-bp153.2.16.1
Patches
Vulnerability mechanics
References
2- chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.htmlnvdRelease NotesVendor Advisory
- crbug.com/1221309nvdPermissions RequiredVendor Advisory
News mentions
0No linked articles in our index yet.