NewsSecurity Vulnerabilities

Google Chrome Blink setBaseAndExtent use after free vulnerability [CVE-2021-30625]

CVE number = CVE-2021-30625

A use-after-free vulnerability exists in the Selection API of Blink rendering engine in Google Chrome 92.0.4515.131 (Stable) and 94.0.4597.1 (Canary).

A specially-crafted web page can trigger reuse of previously freed memory which can lead to arbitrary code execution.

Victim would need to visit a malicious website to trigger this vulnerability.

Tested Versions

Google Chrome 92.0.4515.131 (Stable)
Google Chrome 94.0.4597.1 (Canary)

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.