CVE-2021-30560 – This is a use-after-free vulnerability in Chrom... (How to Fix)

Q: What is the severity of CVE-2021-30560?

CVE-2021-30560 has a CVSS score of 8.8 (HIGH). This is a use-after-free vulnerability in Chrome's Blink XSLT processor that allows remote attackers to potentially exploit heap corruption. Attackers can craft malicious HTML pages to trigger memory corruption, potentially leading to arbitrary code execution. All users running vulnerable Chrome versions are affected.

📋 TL;DR

This is a use-after-free vulnerability in Chrome's Blink XSLT processor that allows remote attackers to potentially exploit heap corruption. Attackers can craft malicious HTML pages to trigger memory corruption, potentially leading to arbitrary code execution. All users running vulnerable Chrome versions are affected.

💻 Affected Systems

Products:

Google Chrome
Chromium-based browsers
Debian Linux packages
Gentoo Linux packages

Versions: Google Chrome versions prior to 91.0.4472.164

Operating Systems: Windows, Linux, macOS, Android

Default Config Vulnerable: ⚠️ Yes

Notes: All default Chrome configurations are vulnerable. Chromium-based browsers may also be affected if they haven't backported the fix.

📦 What is this software?

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...

Learn more about Chrome →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the same privileges as the Chrome process, potentially leading to full system compromise if Chrome is running with elevated privileges.

🟠

Likely Case

Browser crash (denial of service) or limited code execution within Chrome's sandbox, potentially allowing data theft or further exploitation.

🟢

If Mitigated

Browser crash with no data compromise if sandboxing works correctly, though memory corruption could still bypass some protections.

🌐 Internet-Facing: HIGH - Attackers can host malicious HTML pages on websites, making this easily exploitable via normal web browsing.

🏢 Internal Only: MEDIUM - Risk exists if users visit malicious internal sites or open crafted HTML files, but requires user interaction.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires user to visit a malicious webpage. No public exploit code is known, but use-after-free vulnerabilities in Chrome are frequently weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 91.0.4472.164

Vendor Advisory: https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html

Restart Required: Yes

Instructions:

1. Open Chrome. 2. Click the three-dot menu → Help → About Google Chrome. 3. Chrome will automatically check for and install updates. 4. Click 'Relaunch' to restart Chrome with the updated version.

🔧 Temporary Workarounds

Disable JavaScript

all

Prevents execution of malicious XSLT processing code

chrome://settings/content/javascript → Block

Use Site Isolation

all

Enhances Chrome's sandboxing to limit impact of potential exploitation

chrome://flags/#enable-site-per-process → Enable

🧯 If You Can't Patch

Restrict web browsing to trusted sites only using Chrome's site restrictions
Deploy application allowlisting to prevent execution of unknown processes from Chrome

🔍 How to Verify

Check if Vulnerable:

Check Chrome version: If version is less than 91.0.4472.164, system is vulnerable.

Check Version:

google-chrome --version (Linux) or chrome://version (all platforms)

Verify Fix Applied:

Confirm Chrome version is 91.0.4472.164 or higher after update.

📡 Detection & Monitoring

Log Indicators:

Chrome crash reports with XSLT-related stack traces
Unexpected Chrome process termination events

Network Indicators:

Requests to unusual domains with XSLT payloads
Multiple Chrome instances spawning from web browsing

SIEM Query:

process_name:"chrome.exe" AND (event_id:1000 OR event_id:1001) AND message:"XSLT" OR "Blink"

📊 Metadata

CVE ID: CVE-2021-30560

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: August 3, 2021

Last Updated: May 5, 2025

🔗 References

https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html Release Notes,Vendor Advisory
https://crbug.com/1219209 Issue Tracking,Patch,Vendor Advisory
https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html Mailing List,Third Party Advisory
https://security.gentoo.org/glsa/202310-23 Third Party Advisory
https://www.debian.org/security/2022/dsa-5216 Third Party Advisory
https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html Release Notes,Vendor Advisory
https://crbug.com/1219209 Issue Tracking,Patch,Vendor Advisory
https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html Mailing List,Third Party Advisory
https://security.gentoo.org/glsa/202310-23 Third Party Advisory
https://www.debian.org/security/2022/dsa-5216 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-30560, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Chrome by Google

Debian Linux by Debian

Debian Linux by Debian

Libxslt by Xmlsoft

Universal Forwarder by Splunk

Universal Forwarder by Splunk

Universal Forwarder by Splunk

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable JavaScript

Use Site Isolation

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities