VIR Vulnerability Intelligence Relay

CVE-2021-30551

critical KEV
Published 2021-11-03 · Modified 2021-11-03
CVSS v3
CVSS v2
VIR risk
10.0

Description

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

CISA KEV

Vendor
Google
Product
Chromium V8
Due date
2021-11-17

Predictions

Exploit likelihood
99%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://nvd.nist.gov/vuln/detail/CVE-2021-30551

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2021-30551.html

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2021-30551

vendor Authored 2026-05-27

Vendor advisory: arch — https://security.archlinux.org/ASA-202106-31

vendor Authored 2026-05-27

Vendor advisory: arch — https://security.archlinux.org/ASA-202106-32

Exploits

OS impact
OSVersionStatusFixed in
arch archfixed4.0.2312.25-1
debian debianbookwormfixed93.0.4577.82-1
debian debianbullseyefixed93.0.4577.82-1
debian debianforkyfixed93.0.4577.82-1
debian debiansidfixed93.0.4577.82-1
debian debiantrixiefixed93.0.4577.82-1
suse slesaffected

References

Verify integrity in audit chain (admin only). AS-IS.