CVE-2021-30632

HIGH KEV

Google Chrome <93.0.4577.82 - Heap Corruption


Exploitation Summary

CVE-2021-30632 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021. EIP tracks 4 public exploits from researchers including Phuong39, CrackerCat, and paulsery.

Description

Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Exploits (4)

nomisec WRITEUP 74 stars
by Phuong39 · client-side
https://github.com/Phuong39/PoC-CVE-2021-30632

This repository provides a technical analysis of CVE-2021-30632, an out-of-bounds write vulnerability in V8. The exploit involves type confusion between PACKED_SMI and PACKED_DOUBLE elements in arrays, leading to arbitrary read/write operations.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Complex
Reliability: Theoretical
Target: Samsung Internet Browser v15.0.2.47
No auth needed
Prerequisites: Samsung Internet Browser v15.0.2.47 without Google's patch
devstral-2 · analyzed Feb 18, 2026

nomisec WRITEUP 14 stars
by CrackerCat · poc
https://github.com/CrackerCat/CVE-2021-30632

This repository references CVE-2021-30632, a Chrome V8 RCE vulnerability, and provides links to external analysis and PoC. It lacks direct exploit code but includes technical references and a demo GIF.

Classification: Writeup 80%
Attack Type: RCE
Complexity: Complex
Reliability: Theoretical
Target: Google Chrome 91, 92, 93.0.4577.63
No auth needed
Prerequisites: Target running vulnerable Chrome version
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC
by paulsery · client-side
https://github.com/paulsery/CVE-2021-30632

This repository contains a functional exploit PoC for CVE-2021-30632, a Chrome V8 engine vulnerability. The exploit leverages a type confusion bug to achieve arbitrary memory read/write and executes shellcode to spawn a shell.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Google Chrome (V8 engine) version 93.0.4577.63
No auth needed
Prerequisites: V8 engine compiled at commit 632e6e7 · d8 shell to run the PoC
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 8.8
EPSS 0.8378
EPSS Percentile 99.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2021-11-03
VulnCheck KEV 2021-09-08
InTheWild.io 2021-09-08
ENISA EUVD EUVD-2021-17552
CWE CWE-787
Status published
Products (3)
fedoraproject/fedora 33
fedoraproject/fedora 35
google/chrome < 93.0.4577.82
Published Oct 08, 2021
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026