Vulnerability DatabaseCVE-2021-30628

CVE-2021-30628:
vulnerability analysis and mitigation

Overview

CVE-2021-30628 is a stack buffer overflow vulnerability discovered in ANGLE (Almost Native Graphics Layer Engine) component of Google Chrome versions prior to 93.0.4577.82. The vulnerability was reported by Jaehun Jeong(@n3sk) of Theori on August 18, 2021, and was publicly disclosed on September 13, 2021 (Chrome Release).

Technical details

The vulnerability is classified as a stack buffer overflow in the ANGLE component of Google Chrome. It has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability allows a remote attacker to potentially exploit stack corruption through a specially crafted HTML page (NVD).

Impact

The vulnerability could allow an attacker to potentially exploit stack corruption, which could lead to arbitrary code execution within the context of the browser. Given the high CVSS score and the critical nature of the ANGLE component in Chrome's graphics pipeline, successful exploitation could compromise the integrity and security of the affected system (NVD).

Mitigation and workarounds

Google released a fix for this vulnerability in Chrome version 93.0.4577.82. Users are advised to update their Chrome browser to this version or later to mitigate the vulnerability. The fix was also incorporated into subsequent releases of Fedora's Chromium packages (Fedora Update).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a Wiz customer? See which CVEs are exploitable in your environment.

Get a CVE Assessment

8.8

Score

Published October 8, 2021

Severity HIGH

CNA Score N/A

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 78.6

Exploitation Probability (EPSS) 1.2

Affected packages and libraries

qt5-qtwebengine-devel
qt5-qtwebengine-devtools

Sources

Alpine Security Tracker
- Alpine 3.14 Severity HIGHHas FixAdded at: Nov 23, 2021
- Alpine 3.15 Severity HIGHHas FixAdded at: Nov 25, 2021
- Alpine 3.16 Severity HIGHHas FixAdded at: May 24, 2022
- Alpine 3.17 Severity HIGHHas FixAdded at: Nov 23, 2022
- Alpine 3.18 Severity HIGHHas FixAdded at: May 10, 2023
- Alpine 3.19 Severity HIGHHas FixAdded at: Dec 10, 2023
- Alpine 3.20 Severity HIGHHas FixAdded at: May 26, 2024
- Alpine 3.21 Severity HIGHHas FixAdded at: Dec 08, 2024
- Alpine 3.22 Severity HIGHHas FixAdded at: Jun 01, 2025
- Alpine 3.23 Severity HIGHHas FixAdded at: Dec 04, 2025
- Alpine edge Severity HIGHHas FixAdded at: Jun 19, 2023
Debian Security Tracker
- Debian 9, 10 Severity HIGHNo FixAdded at: Mar 28, 2022
- Debian 11 Severity HIGHHas FixAdded at: Mar 26, 2022
- Debian 12 Severity HIGHHas FixAdded at: Jan 29, 2022
- Debian 13 Severity HIGHHas FixAdded at: Jun 11, 2023
- Debian 14 Severity HIGHHas FixAdded at: Aug 10, 2025
Echo
- Echo Severity HIGHHas FixAdded at: Nov 18, 2025
Gentoo Advisory Database
- Gentoo Severity HIGHHas FixAdded at: Jul 24, 2022
Nix
- Nix Severity HIGHHas FixAdded at: May 26, 2024
Ubuntu Security Tracker
- Ubuntu 18.04 Severity MEDIUMHas FixAdded at: Nov 23, 2021
NVD
- Linux Severity HIGHHas FixAdded at: Nov 23, 2021
- Windows Severity HIGHHas FixAdded at: Nov 23, 2021