Vulnerability Spotlight: Use-after-free condition in Google Chrome could lead to code execution

Cisco Talos recently discovered an exploitable use-after-free vulnerability in Google Chrome.

Google Chrome is a cross-platform web browser — and Chromium is the open-source version of the browser that other software developers use to build their browsers, as well. This specific vulnerability exists in Blink, the main DOM parsing and rendering engine at the core of Chromium.

TALOS-2021-1352 (CVE-2021-30625) is a use-after-free vulnerability that triggers if the user opens a specially crafted web page in Chrome. That page could trigger the reuse of previously freed memory, which can lead to arbitrary code execution.

Read more…
Source:  CISCO Talos