{"id":"CVE-2021-30560","details":"Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","aliases":["GHSA-59gp-qqm7-cw4j"],"modified":"2026-04-02T06:50:40.432874Z","published":"2021-08-03T19:15:08.127Z","related":["MGASA-2022-0341","SUSE-SU-2023:0556-1","SUSE-SU-2023:0557-1","SUSE-SU-2023:0680-1","openSUSE-SU-2021:1073-1","openSUSE-SU-2021:1074-1","openSUSE-SU-2021:1095-1","openSUSE-SU-2021:1096-1","openSUSE-SU-2022:0110-1","openSUSE-SU-2024:10681-1","openSUSE-SU-2024:10977-1","openSUSE-SU-2024:11912-1","openSUSE-SU-2024:12423-1","openSUSE-SU-2024:12948-1","openSUSE-SU-2024:13165-1","openSUSE-SU-2024:14174-1","openSUSE-SU-2025:14697-1","openSUSE-SU-2026:10356-1"],"references":[{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5216"},{"type":"ADVISORY","url":"https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202310-23"},{"type":"FIX","url":"https://crbug.com/1219209"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.gnome.org/GNOME/libxslt","events":[{"introduced":"0"},{"fixed":"50af4e65da712ceb59f98a7feeeab2ddc3324ab9"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.1.35"}]}}],"versions":["1.1.23","1.1.24","CVE-2015-7995","LIBXSLT_0_0_0","LIBXSLT_0_10_0","LIBXSLT_0_11_0","LIBXSLT_0_12_0","LIBXSLT_0_13_0","LIBXSLT_0_14_0","LIBXSLT_0_1_0","LIBXSLT_0_3_0","LIBXSLT_0_4_0","LIBXSLT_0_6_0","LIBXSLT_0_7_0","LIBXSLT_0_8_0","LIBXSLT_0_9_0","LIBXSLT_1_0_0","LIBXSLT_1_0_10","LIBXSLT_1_0_11","LIBXSLT_1_0_12","LIBXSLT_1_0_13","LIBXSLT_1_0_14","LIBXSLT_1_0_16","LIBXSLT_1_0_17","LIBXSLT_1_0_18","LIBXSLT_1_0_19","LIBXSLT_1_0_2","LIBXSLT_1_0_20","LIBXSLT_1_0_21","LIBXSLT_1_0_22","LIBXSLT_1_0_23","LIBXSLT_1_0_24","LIBXSLT_1_0_25","LIBXSLT_1_0_26","LIBXSLT_1_0_27","LIBXSLT_1_0_28","LIBXSLT_1_0_29","LIBXSLT_1_0_3","LIBXSLT_1_0_30","LIBXSLT_1_0_31","LIBXSLT_1_0_32","LIBXSLT_1_0_33","LIBXSLT_1_0_4","LIBXSLT_1_0_5","LIBXSLT_1_0_6","LIBXSLT_1_0_7","LIBXSLT_1_0_8","LIBXSLT_1_0_9","LIBXSLT_1_1_0","LIBXSLT_1_1_1","LIBXSLT_1_1_10","LIBXSLT_1_1_11","LIBXSLT_1_1_12","LIBXSLT_1_1_13","LIBXSLT_1_1_14","LIBXSLT_1_1_15","LIBXSLT_1_1_16","LIBXSLT_1_1_17","LIBXSLT_1_1_18","LIBXSLT_1_1_2","LIBXSLT_1_1_21","LIBXSLT_1_1_22","LIBXSLT_1_1_3","LIBXSLT_1_1_4","LIBXSLT_1_1_5","LIBXSLT_1_1_6","LIBXSLT_1_1_7","LIBXSLT_1_1_8","LIBXSLT_1_1_9","LIXSLT_0_5_0","v1.1.25","v1.1.26","v1.1.27","v1.1.27-rc1","v1.1.28","v1.1.29","v1.1.29-rc1","v1.1.29-rc2","v1.1.30","v1.1.30-rc1","v1.1.30-rc2","v1.1.31","v1.1.31-rc1","v1.1.31-rc2","v1.1.32","v1.1.32-rc1","v1.1.32-rc2","v1.1.33","v1.1.33-rc1","v1.1.33-rc2","v1.1.34","v1.1.34-rc2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-30560.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"91.0.4472.164"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]},{"events":[{"introduced":"8.2.0"},{"fixed":"8.2.12"}]},{"events":[{"introduced":"9.0.0"},{"fixed":"9.0.6"}]},{"events":[{"introduced":"0"},{"last_affected":"9.1.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}