Vulnerability DatabaseCVE-2021-30540

CVE-2021-30540:
vulnerability analysis and mitigation

Overview

CVE-2021-30540 is a security vulnerability discovered in Google Chrome on Android prior to version 91.0.4472.77. The vulnerability involves incorrect security UI implementation in the payments feature that could allow a remote attacker to perform domain spoofing through a crafted HTML page (NVD).

Technical details

The vulnerability has been assigned a CVSS v3.1 Base Score of 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N. This indicates that the vulnerability can be exploited remotely, requires low attack complexity, needs no privileges, but does require user interaction. The scope is unchanged, with no impact on confidentiality, high impact on integrity, and no impact on availability (NVD).

Impact

The vulnerability allows an attacker to perform domain spoofing through crafted HTML pages, which could potentially mislead users during payment transactions. This could lead to users being deceived about the authenticity of payment-related web pages, potentially resulting in financial fraud or theft of payment information (NVD).

Mitigation and workarounds

The vulnerability has been patched in Google Chrome version 91.0.4472.77 and later. Users are advised to update their Chrome installations to this version or newer. Multiple Linux distributions have also released security updates to address this vulnerability, including Fedora and Gentoo (Gentoo Advisory, Chrome Release).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a Wiz customer? See which CVEs are exploitable in your environment.

Get a CVE Assessment

6.5

Score

Published June 7, 2021

Severity MEDIUM

CNA Score N/A

Has Public Exploit Yes

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 61.3

Exploitation Probability (EPSS) 0.4

Affected packages and libraries

chromedriver
chromium-browser

Sources

Alpine Security Tracker
- Alpine 3.14 Severity MEDIUMHas FixAdded at: Nov 23, 2021
- Alpine 3.15 Severity MEDIUMHas FixAdded at: Nov 25, 2021
- Alpine 3.16 Severity MEDIUMHas FixAdded at: May 24, 2022
- Alpine 3.17 Severity MEDIUMHas FixAdded at: Nov 23, 2022
- Alpine 3.18 Severity MEDIUMHas FixAdded at: May 10, 2023
- Alpine 3.19 Severity MEDIUMHas FixAdded at: Dec 10, 2023
- Alpine 3.20 Severity MEDIUMHas FixAdded at: May 26, 2024
- Alpine 3.21 Severity MEDIUMHas FixAdded at: Dec 08, 2024
- Alpine 3.22 Severity MEDIUMHas FixAdded at: Jun 01, 2025
- Alpine 3.23 Severity MEDIUMHas FixAdded at: Dec 04, 2025
- Alpine edge Severity MEDIUMHas FixAdded at: Jun 19, 2023
Debian Security Tracker
- Debian 9, 10 Severity MEDIUMNo FixAdded at: Mar 28, 2022
- Debian 11 Severity MEDIUMHas FixAdded at: Mar 26, 2022
- Debian 12 Severity MEDIUMHas FixAdded at: Jan 29, 2022
- Debian 13 Severity MEDIUMHas FixAdded at: Jun 11, 2023
- Debian 14 Severity MEDIUMHas FixAdded at: Aug 10, 2025
Echo
- Echo Severity MEDIUMHas FixAdded at: Nov 18, 2025
Gentoo Advisory Database
- Gentoo Severity HIGHHas FixAdded at: Jul 24, 2022
Nix
- Nix Severity MEDIUMHas FixAdded at: May 26, 2024
Ubuntu Security Tracker
- Ubuntu 18.04 Severity MEDIUMHas FixAdded at: Nov 23, 2021
NVD
- Linux Severity MEDIUMHas FixAdded at: Nov 23, 2021
- Windows Severity MEDIUMHas FixAdded at: Nov 23, 2021