Vulnerability DatabaseCVE-2021-30516

CVE-2021-30516:
Node.js vulnerability analysis and mitigation

Overview

CVE-2021-30516 is a heap buffer overflow vulnerability discovered in the History component of Google Chrome versions prior to 90.0.4430.212. The vulnerability was disclosed in May 2021 and affects Google Chrome's browser history functionality (Chrome Release, NVD).

Technical details

The vulnerability is classified as a heap buffer overflow vulnerability that specifically affects the History component in Google Chrome. It has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is tracked under CWE-787 (Out-of-bounds Write) (NVD).

Impact

When successfully exploited, this vulnerability could allow a remote attacker who has compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. The high CVSS score indicates that successful exploitation could lead to significant impacts on the confidentiality, integrity, and availability of the affected system (NVD).

Mitigation and workarounds

The vulnerability has been patched in Google Chrome version 90.0.4430.212. Users and administrators are advised to upgrade to this version or later. Multiple Linux distributions have also released security updates to address this vulnerability, including Fedora and Gentoo (Gentoo Advisory, Fedora Update).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a Wiz customer? See which CVEs are exploitable in your environment.

Get a CVE Assessment

8.8

Score

Published June 4, 2021

Severity HIGH

CNA Score N/A

Affected Technologies

Node.js
Google Chrome

Has Public Exploit Yes

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 73.8

Exploitation Probability (EPSS) 0.8

Affected packages and libraries

chromedriver
opera

Sources

Alpine Security Tracker
- Alpine 3.14 Severity HIGHHas FixAdded at: Nov 23, 2021
- Alpine 3.15 Severity HIGHHas FixAdded at: Nov 25, 2021
- Alpine 3.16 Severity HIGHHas FixAdded at: May 24, 2022
- Alpine 3.17 Severity HIGHHas FixAdded at: Nov 23, 2022
- Alpine 3.18 Severity HIGHHas FixAdded at: May 10, 2023
- Alpine 3.19 Severity HIGHHas FixAdded at: Dec 10, 2023
- Alpine 3.20 Severity HIGHHas FixAdded at: May 26, 2024
- Alpine 3.21 Severity HIGHHas FixAdded at: Dec 08, 2024
- Alpine 3.22 Severity HIGHHas FixAdded at: Jun 01, 2025
- Alpine edge Severity HIGHHas FixAdded at: Jun 19, 2023
Debian Security Tracker
- Debian 9 Severity HIGHNo FixAdded at: Mar 28, 2022
- Debian 10, 11 Severity HIGHHas FixAdded at: Nov 23, 2021
- Debian 12 Severity HIGHHas FixAdded at: Jan 29, 2022
- Debian 13 Severity HIGHHas FixAdded at: Jun 11, 2023
- Debian 14 Severity HIGHHas FixAdded at: Aug 10, 2025
Echo
- Echo Severity HIGHHas FixAdded at: Nov 18, 2025
Gentoo Advisory Database
- Gentoo Severity HIGHHas FixAdded at: Jul 24, 2022
Nix
- Nix Severity HIGHHas FixAdded at: May 26, 2024
Ubuntu Security Tracker
- Ubuntu 18.04 Severity MEDIUMHas FixAdded at: Nov 23, 2021
NVD
- Linux Severity HIGHHas FixAdded at: Nov 23, 2021
- Windows Severity HIGHHas FixAdded at: Nov 23, 2021

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related Node.js vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-7783	CRITICAL	9.4	JavaScript	polkit-docs	No	Yes	Jul 18, 2025
CVE-2025-52099	HIGH	7.5	SQLite	nodejs:22::npm	No	Yes	Oct 24, 2025
CVE-2025-27210	HIGH	7.5	Node.js	cpe:2.3:a:nodejs:node.js	No	Yes	Jul 18, 2025
CVE-2025-27209	HIGH	7.5	Node.js	cpe:2.3:a:nodejs:node.js	No	Yes	Jul 18, 2025
CVE-2025-7458	MEDIUM	6.9	SQLite	nodejs-packaging-bundler	No	Yes	Jul 29, 2025