CVE-2021-30625: 
vulnerability analysis and mitigation

CVE-2021-30625 is a use-after-free vulnerability discovered in the Selection API of Google Chrome's Blink rendering engine prior to version 93.0.4577.82. The vulnerability was reported by Marcin Towalski of Cisco Talos on August 6, 2021, and was patched by Google on August 24, 2021 (Chrome Release, Talos Report).

The vulnerability exists in the Selection API's setBaseAndExtent method implementation within the Blink rendering engine. It occurs when the engine fails to properly recognize the visibility of nodes inside the DOMSelection::setBaseAndExtent function, particularly when nodes are marked with 'content-visibility: hidden'. The issue manifests as a use-after-free vulnerability in the LayoutObject::LayoutObjectBitfields::IsBox() function. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

If successfully exploited, this vulnerability could allow an attacker to achieve arbitrary code execution through proper manipulation of node elements and control over freed memory. The attack requires user interaction in the form of visiting a malicious website (Talos Report).

The vulnerability was patched in Google Chrome version 93.0.4577.82. Users should update their Chrome browser to this version or later to mitigate the risk. Google released this security fix as part of a larger security update that addressed multiple vulnerabilities (Chrome Release).

Google awarded a bug bounty of $7,500 for the discovery of this vulnerability, indicating its severity and potential impact (Chrome Release).