CVE-2021-30607: 
vulnerability analysis and mitigation

CVE-2021-30607 is a Use-after-free vulnerability in the Permissions component of Chromium-based browsers. The vulnerability was discovered in 2021 and affects Google Chrome versions prior to 93.0.4577.63, Microsoft Edge (Chromium-based) versions up to 93.0.961.38, and other Chromium-based browsers (NVD, Ubuntu).

The vulnerability is classified as a Use-after-free (CWE-416) issue in the Permissions component. It received a CVSS v3.1 base score of 8.8 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability can be exploited remotely with low attack complexity, requires no privileges but does need user interaction, and can result in high impacts to confidentiality, integrity, and availability (NVD).

If successfully exploited, this vulnerability could allow a remote attacker who has compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. The high CVSS score indicates that successful exploitation could lead to significant impacts on system confidentiality, integrity, and availability (NVD).

The vulnerability has been fixed in Chrome version 93.0.4577.63 and Microsoft Edge version 93.0.961.38. Users are advised to update their browsers to these versions or later. Various Linux distributions have also released patches, including Ubuntu 18.04 LTS which fixed the issue with version 93.0.4577.63-0ubuntu0.18.04.1 (Ubuntu, Fedora).