CVE-2021-30544 – This is a use-after-free vulnerability in Chrom... (How to Fix)

Q: What is the severity of CVE-2021-30544?

CVE-2021-30544 has a CVSS score of 8.8 (HIGH). This is a use-after-free vulnerability in Chrome's Back/Forward Cache (BFCache) that allows remote attackers to potentially exploit heap corruption. Attackers can craft malicious HTML pages to trigger this vulnerability, potentially leading to arbitrary code execution. All users running Chrome versions prior to 91.0.4472.101 are affected.

📋 TL;DR

This is a use-after-free vulnerability in Chrome's Back/Forward Cache (BFCache) that allows remote attackers to potentially exploit heap corruption. Attackers can craft malicious HTML pages to trigger this vulnerability, potentially leading to arbitrary code execution. All users running Chrome versions prior to 91.0.4472.101 are affected.

💻 Affected Systems

Products:

Google Chrome
Chromium-based browsers

Versions: All versions prior to 91.0.4472.101

Operating Systems: Windows, Linux, macOS, Android, iOS

Default Config Vulnerable: ⚠️ Yes

Notes: All standard Chrome installations are vulnerable. BFCache is enabled by default.

📦 What is this software?

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...

Learn more about Chrome →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the same privileges as the Chrome process, potentially leading to full system compromise if Chrome is running with elevated privileges.

🟠

Likely Case

Browser crash (denial of service) or limited code execution within the Chrome sandbox, potentially allowing data theft or further exploitation.

🟢

If Mitigated

No impact if Chrome is fully patched or if exploit attempts are blocked by security controls.

🌐 Internet-Facing: HIGH - Attackers can host malicious HTML pages on websites accessible via the internet.

🏢 Internal Only: MEDIUM - Risk exists if users visit malicious internal web pages or if attackers gain internal network access.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires user interaction (visiting a malicious webpage). The CVE has a high CVSS score (8.8) indicating significant exploit potential.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 91.0.4472.101 and later

Vendor Advisory: https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html

Restart Required: Yes

Instructions:

1. Open Chrome. 2. Click the three-dot menu → Help → About Google Chrome. 3. Chrome will automatically check for and install updates. 4. Click 'Relaunch' to restart Chrome with the update.

🔧 Temporary Workarounds

Disable BFCache via command line

all

Disables the Back/Forward Cache feature that contains the vulnerability

google-chrome --disable-features=BackForwardCache

Disable JavaScript

all

Prevents execution of malicious JavaScript that could trigger the vulnerability

🧯 If You Can't Patch

Use browser isolation technology to render web content in isolated environments
Implement strict web filtering to block access to untrusted websites

🔍 How to Verify

Check if Vulnerable:

Check Chrome version in Settings → About Chrome. If version is below 91.0.4472.101, the system is vulnerable.

Check Version:

google-chrome --version

Verify Fix Applied:

Verify Chrome version is 91.0.4472.101 or higher in Settings → About Chrome.

📡 Detection & Monitoring

Log Indicators:

Chrome crash reports
Unexpected process termination events
Security event logs showing exploit attempts

Network Indicators:

Requests to known malicious domains hosting exploit code
Unusual traffic patterns to/from Chrome processes

SIEM Query:

source="chrome" AND (event_type="crash" OR version<"91.0.4472.101")

📊 Metadata

CVE ID: CVE-2021-30544

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: June 15, 2021

Last Updated: November 21, 2024

🔗 References

https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html Release Notes,Vendor Advisory
https://crbug.com/1212618 Issue Tracking,Permissions Required,Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54/
https://security.gentoo.org/glsa/202107-06 Third Party Advisory
https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html Release Notes,Vendor Advisory
https://crbug.com/1212618 Issue Tracking,Permissions Required,Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54/
https://security.gentoo.org/glsa/202107-06 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-30544, you might also want to check these: