Cisco Talos recently discovered an exploitable use-after-free vulnerability in Google Chrome. This specific vulnerability exists in Blink, the main DOM parsing and rendering engine at the core of the browser. TALOS-2021-1352 (CVE-2021-30625) is a use-after-free vulnerability that triggers if the user opens a specially crafted web page in Chrome. That page could trigger the reuse of previously freed memory, which can lead to arbitrary code execution. Cisco Talos worked with Google to ensure that this issue is resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy. Users are encouraged to update these affected products as soon as possible: Google Chrome, versions 92.0.4515.131 (Stable) and 94.0.4597.1 (Canary). Talos tested and confirmed these versions of Chrome could be exploited by this vulnerability.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is