CVE-2021-30627: 
vulnerability analysis and mitigation

Type confusion vulnerability (CVE-2021-30627) was discovered in the Blink layout component of Google Chrome versions prior to 93.0.4577.82. The vulnerability was reported by Aki Helin of OUSPG on September 1, 2021, and was patched in the stable channel update released on September 13, 2021. This security flaw affected Google Chrome browsers across Windows, Mac, and Linux operating systems (Chrome Release).

The vulnerability is classified as a type confusion issue in the Blink layout engine of Chrome that could potentially lead to heap corruption when triggered by a specially crafted HTML page. The severity of this vulnerability is rated as HIGH with a CVSS v3.1 base score of 8.8 (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The vulnerability was assigned CWE-843 (Access of Resource Using Incompatible Type) classification (NVD).

If successfully exploited, this vulnerability could allow a remote attacker to potentially exploit heap corruption through a crafted HTML page, potentially leading to arbitrary code execution within the context of the browser (NVD).

Google addressed this vulnerability in Chrome version 93.0.4577.82. Users are advised to update their Chrome browsers to this version or later. The fix was also incorporated into various Linux distributions including Fedora 33 and 35 through their respective update channels (Fedora Update).