From 00f51a523fb1e13304a1270798eaf7a06860f2fd Mon Sep 17 00:00:00 2001 From: Amy Ressler Date: Tue, 3 Aug 2021 18:19:05 +0000 Subject: [PATCH] Descriptions for CVEs fixed in Chrome Release-3-91 Please enter the commit message for your changes. Lines starting --- 2021/30xxx/CVE-2021-30541.json | 53 +++++++++++++++++++++++++++++++--- 2021/30xxx/CVE-2021-30559.json | 53 +++++++++++++++++++++++++++++++--- 2021/30xxx/CVE-2021-30560.json | 53 +++++++++++++++++++++++++++++++--- 2021/30xxx/CVE-2021-30561.json | 53 +++++++++++++++++++++++++++++++--- 2021/30xxx/CVE-2021-30562.json | 53 +++++++++++++++++++++++++++++++--- 2021/30xxx/CVE-2021-30563.json | 53 +++++++++++++++++++++++++++++++--- 2021/30xxx/CVE-2021-30564.json | 53 +++++++++++++++++++++++++++++++--- 7 files changed, 343 insertions(+), 28 deletions(-) diff --git a/2021/30xxx/CVE-2021-30541.json b/2021/30xxx/CVE-2021-30541.json index 924df15aa76..4601ee5f542 100644 --- a/2021/30xxx/CVE-2021-30541.json +++ b/2021/30xxx/CVE-2021-30541.json @@ -4,15 +4,60 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30541", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "91.0.4472.164", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1214842" + }, + { + "url": "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] } -} \ No newline at end of file +} diff --git a/2021/30xxx/CVE-2021-30559.json b/2021/30xxx/CVE-2021-30559.json index 83588f7499b..796f8cf1e55 100644 --- a/2021/30xxx/CVE-2021-30559.json +++ b/2021/30xxx/CVE-2021-30559.json @@ -4,15 +4,60 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30559", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "91.0.4472.164", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1219082" + }, + { + "url": "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] } -} \ No newline at end of file +} diff --git a/2021/30xxx/CVE-2021-30560.json b/2021/30xxx/CVE-2021-30560.json index cf68ce737bd..a62dd4572e9 100644 --- a/2021/30xxx/CVE-2021-30560.json +++ b/2021/30xxx/CVE-2021-30560.json @@ -4,15 +4,60 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30560", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "91.0.4472.164", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1219209" + }, + { + "url": "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] } -} \ No newline at end of file +} diff --git a/2021/30xxx/CVE-2021-30561.json b/2021/30xxx/CVE-2021-30561.json index f5b319ed8be..d531f372c06 100644 --- a/2021/30xxx/CVE-2021-30561.json +++ b/2021/30xxx/CVE-2021-30561.json @@ -4,15 +4,60 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30561", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "91.0.4472.164", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Type Confusion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1219630" + }, + { + "url": "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] } -} \ No newline at end of file +} diff --git a/2021/30xxx/CVE-2021-30562.json b/2021/30xxx/CVE-2021-30562.json index dbd52b8b677..1afe269bff2 100644 --- a/2021/30xxx/CVE-2021-30562.json +++ b/2021/30xxx/CVE-2021-30562.json @@ -4,15 +4,60 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30562", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "91.0.4472.164", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1220078" + }, + { + "url": "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in WebSerial in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] } -} \ No newline at end of file +} diff --git a/2021/30xxx/CVE-2021-30563.json b/2021/30xxx/CVE-2021-30563.json index 2e22479f121..b140de2ff21 100644 --- a/2021/30xxx/CVE-2021-30563.json +++ b/2021/30xxx/CVE-2021-30563.json @@ -4,15 +4,60 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30563", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "91.0.4472.164", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Type Confusion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1228407" + }, + { + "url": "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] } -} \ No newline at end of file +} diff --git a/2021/30xxx/CVE-2021-30564.json b/2021/30xxx/CVE-2021-30564.json index 5732eae285e..b46b4f1f4e4 100644 --- a/2021/30xxx/CVE-2021-30564.json +++ b/2021/30xxx/CVE-2021-30564.json @@ -4,15 +4,60 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-30564", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "chrome-cve-admin@google.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "91.0.4472.164", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1221309" + }, + { + "url": "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Heap buffer overflow in WebXR in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] } -} \ No newline at end of file +}