
CVE-2021-30560: Use after free in Google Chrome

Severity: High
Type: Vulnerability
Published: Tue Aug 03 2021 (08/03/2021, 00:00:00 UTC)
Source: CVE
Vendor/Project: Google
Product: Chrome

Description

Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

AI-Powered Analysis

Last updated: 07/03/2025, 10:40:32 UTC

Technical Analysis

CVE-2021-30560 is a high-severity use-after-free vulnerability in the Blink rendering engine of Google Chrome versions prior to 91.0.4472.164. The flaw is in Blink's handling of XSLT (Extensible Stylesheet Language Transformations), which processes XML transformations in web content. A use-after-free occurs when a program continues to use memory after it has been freed, leading to undefined behavior such as heap corruption. In this case, a remote attacker can craft a malicious HTML page that triggers heap corruption, potentially allowing arbitrary code execution within the context of the browser.

The vulnerability has a CVSS v3.1 base score of 8.8 (high severity): the attack vector is network (remote exploitation), attack complexity is low, and no privileges are required, but user interaction is needed (visiting a malicious webpage). The impact includes full compromise of confidentiality, integrity, and availability of the affected system through code execution.

Although no known exploits in the wild have been reported, the vulnerability was publicly disclosed and patched by Google, which makes updating Chrome to version 91.0.4472.164 or later important. The vulnerability is classified under CWE-416 (Use After Free), a common and dangerous memory corruption issue. Given the widespread use of Google Chrome globally, it represents a significant risk if left unpatched.

Potential Impact

For European organizations, the impact of CVE-2021-30560 can be substantial. Google Chrome is one of the most widely used browsers across enterprises and public sectors in Europe, making this vulnerability a prime target for attackers aiming to compromise user systems. Successful exploitation could lead to remote code execution, enabling attackers to install malware, steal sensitive data, or move laterally within corporate networks. This is particularly critical for organizations handling sensitive personal data under GDPR regulations, as breaches could lead to severe legal and financial consequences. Additionally, sectors such as finance, healthcare, and government agencies, which rely heavily on secure web browsing, could face operational disruptions and reputational damage. The requirement for user interaction (visiting a malicious webpage) means phishing campaigns or malicious advertisements could be vectors for exploitation. Although no active exploits have been reported, the potential for weaponization remains, especially in targeted attacks or advanced persistent threat (APT) scenarios.

Mitigation Recommendations

To mitigate the risks posed by CVE-2021-30560, European organizations should implement the following specific measures:

1) Immediately update all Google Chrome installations to version 91.0.4472.164 or later, ensuring that automatic updates are enabled and functioning correctly.
2) Deploy enterprise-wide browser management policies to enforce update compliance and restrict the use of outdated browser versions.
3) Implement web content filtering and URL reputation services to block access to known malicious sites that could host exploit pages.
4) Educate users about the risks of interacting with suspicious links or websites, emphasizing cautious browsing behavior to reduce the chance of triggering the vulnerability.
5) Utilize endpoint detection and response (EDR) tools to monitor for unusual browser behavior or exploitation attempts indicative of use-after-free attacks.
6) Consider sandboxing or isolating browser processes to limit the impact of potential exploitation.
7) Regularly review and audit browser extensions and plugins, as these can sometimes be vectors for exploitation or increase attack surface.
8) Maintain up-to-date backups and incident response plans to quickly recover from any compromise resulting from exploitation.
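A fleet check for recommendations 1 and 2 above, as an added example that is not part of the original advisory: it compares reported Chrome versions numerically against the fixed release 91.0.4472.164, because plain string comparison ranks three-digit major versions below "91". The inventory format, hostnames and function names are assumptions, and the sample entries are constructed.

```python
import re

# Fixed release named in the advisory text above.
FIXED_VERSION = "91.0.4472.164"

# Chrome versions are four dot-separated integers: MAJOR.MINOR.BUILD.PATCH
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def parse_chrome_version(text):
    """Return the version as a tuple of four ints, or None if malformed."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def classify(version_text, fixed=FIXED_VERSION):
    """Classify one reported version as 'vulnerable', 'patched' or 'unknown'."""
    parsed = parse_chrome_version(version_text)
    if parsed is None:
        # Unparseable data is surfaced for follow-up, never assumed patched.
        return "unknown"
    return "vulnerable" if parsed < parse_chrome_version(fixed) else "patched"


def audit(inventory):
    """Group hostnames by status; inventory is an iterable of (host, version)."""
    report = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version_text in inventory:
        report[classify(version_text)].append(host)
    return report


# Constructed sample inventory (hypothetical hostnames, sample version values).
SAMPLE_INVENTORY = [
    ("ws-001", "91.0.4472.124"),   # same build, lower patch level
    ("ws-002", "91.0.4472.164"),   # exactly the fixed release
    ("ws-003", "100.0.4896.75"),   # sorts before "91..." as a string, but is newer
    ("ws-004", "90.0.4430.212"),
    ("ws-005", ""),                # agent reported no version
    ("ws-006", "91.0.4472"),       # truncated value
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the "unknown" group need manual follow-up, since a missing or truncated version string says nothing about patch status.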


Technical Details

Data Version: 5.1
Assigner Short Name: Chrome
Date Reserved: 2021-04-13T00:00:00.000Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d981ec4522896dcbdba80

Added to database: 5/21/2025, 9:08:46 AM

Last enriched: 7/3/2025, 10:40:32 AM

Last updated: 8/12/2025, 9:40:24 AM
