CVE-2021-30538: 
vulnerability analysis and mitigation

CVE-2021-30538 is a security vulnerability discovered in Google Chrome prior to version 91.0.4472.77. The vulnerability was identified as an insufficient policy enforcement in content security policy that could allow a remote attacker to bypass content security policy via a crafted HTML page. The vulnerability was reported by Tianze Ding (@D1iv3) of Tencent Security Xuanwu Lab on August 11, 2020, and was publicly disclosed in May 2021 (Chrome Release).

The vulnerability is classified with a CVSS 3.1 Base Score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The CVSS 2.0 Base Score is also 4.3 (MEDIUM) with the vector (AV:N/AC:M/Au:N/C:N/I:P/A:N). This indicates that the vulnerability is network exploitable, requires low attack complexity, needs no privileges, but does require user interaction (NVD).

The vulnerability allows a remote attacker to bypass content security policy protections through a specially crafted HTML page. This could potentially lead to security policy violations and compromise the intended security boundaries of the browser (NVD).

The vulnerability was patched in Google Chrome version 91.0.4472.77. Users and administrators are advised to upgrade to this version or later. Various Linux distributions have also released security updates to address this vulnerability, including Fedora and Gentoo (Gentoo Advisory, Fedora Update).