Vulnerability DatabaseCVE-2021-30539

CVE-2021-30539:
vulnerability analysis and mitigation

Overview

CVE-2021-30539 is a security vulnerability identified in Google Chrome versions prior to 91.0.4472.77. The vulnerability stems from insufficient policy enforcement in content security policy that could allow a remote attacker to bypass content security policy via a crafted HTML page (NVD, Chrome Releases).

Technical details

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N. The CVSS v2.0 Base Score is 5.8 (Medium) with the vector (AV:N/AC:M/Au:N/C:P/I:P/A:N). The vulnerability is classified under CWE-863 (Incorrect Authorization) (NVD).

Impact

The vulnerability could allow remote attackers to bypass content security policy protections, potentially leading to unauthorized access to sensitive information or execution of malicious code within the context of the affected browser (Gentoo Security).

Mitigation and workarounds

The vulnerability has been patched in Google Chrome version 91.0.4472.77 and later. Users and administrators are advised to upgrade to the latest version of Chrome to mitigate this security risk. Various Linux distributions have also released security updates addressing this vulnerability (Chrome Releases, Fedora Update).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a Wiz customer? See which CVEs are exploitable in your environment.

Get a CVE Assessment

5.4

Score

Published June 7, 2021

Severity MEDIUM

CNA Score N/A

Has Public Exploit Yes

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 29

Exploitation Probability (EPSS) 0.1

Affected packages and libraries

chromium
cpe:2.3:a:google:chrome

Sources

Alpine Security Tracker
- Alpine 3.14 Severity MEDIUMHas FixAdded at: Nov 23, 2021
- Alpine 3.15 Severity MEDIUMHas FixAdded at: Nov 25, 2021
- Alpine 3.16 Severity MEDIUMHas FixAdded at: May 24, 2022
- Alpine 3.17 Severity MEDIUMHas FixAdded at: Nov 23, 2022
- Alpine 3.18 Severity MEDIUMHas FixAdded at: May 10, 2023
- Alpine 3.19 Severity MEDIUMHas FixAdded at: Dec 10, 2023
- Alpine 3.20 Severity MEDIUMHas FixAdded at: May 26, 2024
- Alpine 3.21 Severity MEDIUMHas FixAdded at: Dec 08, 2024
- Alpine 3.22 Severity MEDIUMHas FixAdded at: Jun 01, 2025
- Alpine 3.23 Severity MEDIUMHas FixAdded at: Dec 04, 2025
- Alpine edge Severity MEDIUMHas FixAdded at: Jun 19, 2023
Debian Security Tracker
- Debian 9, 10 Severity MEDIUMNo FixAdded at: Mar 28, 2022
- Debian 11 Severity MEDIUMHas FixAdded at: Mar 26, 2022
- Debian 12 Severity MEDIUMHas FixAdded at: Jan 29, 2022
- Debian 13 Severity MEDIUMHas FixAdded at: Jun 11, 2023
- Debian 14 Severity MEDIUMHas FixAdded at: Aug 10, 2025
Echo
- Echo Severity MEDIUMHas FixAdded at: Nov 18, 2025
Gentoo Advisory Database
- Gentoo Severity HIGHHas FixAdded at: Jul 24, 2022
Nix
- Nix Severity MEDIUMHas FixAdded at: May 26, 2024
Ubuntu Security Tracker
- Ubuntu 18.04 Severity MEDIUMHas FixAdded at: Nov 23, 2021
NVD
- Linux Severity MEDIUMHas FixAdded at: Nov 23, 2021
- Windows Severity MEDIUMHas FixAdded at: Nov 23, 2021