Google Chrome Blink setBaseAndExtent use after free vulnerability [CVE-2021-30625]

CVE number = CVE-2021-30625

A use-after-free vulnerability exists in the Selection API of Blink rendering engine in Google Chrome 92.0.4515.131 (Stable) and 94.0.4597.1 (Canary).

A specially-crafted web page can trigger reuse of previously freed memory which can lead to arbitrary code execution.

Victim would need to visit a malicious website to trigger this vulnerability.

Tested Versions

Google Chrome 92.0.4515.131 (Stable)
Google Chrome 94.0.4597.1 (Canary)


Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: