Login Sign Up

CVE-2021-30602

8.8 HIGH

📋 TL;DR

This is a use-after-free vulnerability in Chrome's WebRTC component that allows heap corruption. Attackers can exploit it by tricking users into visiting malicious websites, potentially leading to arbitrary code execution. All Chrome users prior to version 92.0.4515.159 are affected.

💻 Affected Systems

Products:
  • Google Chrome
  • Chromium-based browsers
Versions: All versions prior to 92.0.4515.159
Operating Systems: Windows, Linux, macOS, Android, iOS
Default Config Vulnerable: ⚠️ Yes
Notes: All standard Chrome installations are vulnerable. WebRTC is enabled by default.

📦 What is this software?

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...

Learn more about Chrome →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the privileges of the Chrome process, potentially leading to full system compromise if Chrome is running with elevated privileges.

🟠

Likely Case

Browser crash (denial of service) or limited code execution within Chrome's sandbox, potentially allowing data theft or further exploitation.

🟢

If Mitigated

No impact if Chrome is fully patched or if exploit attempts are blocked by security controls.

🌐 Internet-Facing: HIGH - Exploitation requires only visiting a malicious website, which is common for internet-facing systems.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or compromised internal sites, but attack surface is smaller.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting malicious HTML/JavaScript and convincing users to visit it. The use-after-free in WebRTC makes reliable exploitation challenging but possible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 92.0.4515.159

Vendor Advisory: https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop.html

Restart Required: Yes

Instructions:

1. Open Chrome. 2. Click the three-dot menu → Help → About Google Chrome. 3. Chrome will automatically check for and apply updates. 4. Restart Chrome when prompted.

🔧 Temporary Workarounds

Disable WebRTC

all

Temporarily disable WebRTC functionality to prevent exploitation

chrome://flags/#disable-webrtc
Set 'WebRTC' flag to 'Disabled'

Use Chrome Enterprise policies

all

Deploy policies to block malicious sites and restrict WebRTC

Configure Site Isolation, Safe Browsing policies via GPO/management console

🧯 If You Can't Patch

  • Deploy network filtering to block known malicious domains and restrict access to untrusted websites
  • Implement application whitelisting to prevent unauthorized code execution from Chrome

🔍 How to Verify

Check if Vulnerable:

Check Chrome version: if below 92.0.4515.159, system is vulnerable

Check Version:

On Chrome: chrome://version/ or 'google-chrome --version' on command line

Verify Fix Applied:

Confirm Chrome version is 92.0.4515.159 or higher

📡 Detection & Monitoring

Log Indicators:

  • Chrome crash reports with WebRTC-related stack traces
  • Unexpected Chrome process termination

Network Indicators:

  • Unusual WebRTC connections to external IPs
  • Suspicious WebSocket/HTTP traffic to malicious domains

SIEM Query:

source="chrome_logs" AND (event="crash" OR event="exception") AND process="chrome" AND module="webrtc"

📊 Metadata

CVE ID: CVE-2021-30602
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-416
Published: August 26, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-30602, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)