CVE-2021-30622
📋 TL;DR
This vulnerability is a use-after-free flaw in Chromium's WebApp installation component that allows attackers to execute arbitrary code or cause a denial of service. It affects all Chromium-based browsers including Google Chrome, Microsoft Edge, and other derivatives. Attackers can exploit this by tricking users into visiting malicious websites.
💻 Affected Systems
- Google Chrome
- Microsoft Edge
- Chromium-based browsers
📦 What is this software?
- Edge by Microsoft
- Edge Chromium by Microsoft
- Fedora by Fedoraproject
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with the privileges of the browser process, potentially leading to full system compromise if combined with other vulnerabilities or running with elevated privileges.
Likely Case
Browser crash (denial of service) or limited code execution within the browser sandbox, potentially enabling further exploitation through chained vulnerabilities.
If Mitigated
Browser crash with no data loss if sandboxing works properly, though the user may lose unsaved work.
🎯 Exploit Status
Exploitation requires user interaction (visiting a malicious site) but no authentication. Use-after-free vulnerabilities typically require precise timing and memory manipulation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Chrome 93.0.4577.63 and later, Edge 93.0.961.38 and later
Vendor Advisory: https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop_31.html
Restart Required: Yes
Instructions:
1. Open Chrome/Edge browser.
2. Click menu (three dots) → Help → About Google Chrome/About Microsoft Edge.
3. Browser will automatically check for updates and install if available.
4. Click 'Relaunch' to restart browser with updated version.
🔧 Temporary Workarounds
Disable WebApp Installation (all platforms)
Prevent WebApp installation functionality, which contains the vulnerable component.
Not applicable - configure via browser policies or flags
Enable Site Isolation (all platforms)
Ensure site isolation is enabled to limit the impact of potential exploitation.
chrome://flags/#site-isolation-trial-opt-out → Set to 'Disabled'
🧯 If You Can't Patch
- Use alternative browsers not based on affected Chromium versions
- Implement web filtering to block known malicious sites and restrict browser usage to trusted domains only
🔍 How to Verify
Check if Vulnerable:
Check browser version: Chrome/Edge → Menu → Help → About. If version is below 93.0.4577.63 (Chrome) or 93.0.961.38 (Edge), you are vulnerable.
Check Version:
On Windows: reg query "HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon" /v version (or check the browser's About page)
Verify Fix Applied:
Confirm browser version is 93.0.4577.63 or higher for Chrome, or 93.0.961.38 or higher for Edge.
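The version check above, applied to a list of reported versions, as an added example that is not part of the original advisory. The function names, product keys and sample inventory are assumptions made for illustration; the fixed builds are the ones stated on this page. Versions are compared numerically per component, because a plain string comparison misorders builds such as 93.0.961.9 and 100.0.4896.60.

```python
import re

# Fixed builds as stated in this advisory.
FIXED = {"chrome": (93, 0, 4577, 63), "edge": (93, 0, 961, 38)}
_VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")


def parse_version(text):
    """Parse 'MAJOR.MINOR.BUILD.PATCH' into a tuple of ints, or raise ValueError."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_vulnerable(product, version_text):
    """Return True if the version is below the fixed build for that product."""
    return parse_version(version_text) < FIXED[product.lower()]


def audit(inventory):
    """Map (host, product, version) rows to 'vulnerable', 'patched' or 'unknown'."""
    results = {}
    for host, product, version in inventory:
        try:
            vulnerable = is_vulnerable(product, version)
        except (KeyError, ValueError):
            # Unknown product or unparsable version: leave for manual review.
            results[(host, product)] = "unknown"
            continue
        results[(host, product)] = "vulnerable" if vulnerable else "patched"
    return results


# Constructed sample inventory (hostnames and installed versions are made up).
SAMPLE = [
    ("ws-01", "chrome", "92.0.4515.159"),
    ("ws-02", "chrome", "93.0.4577.63"),
    ("ws-03", "edge", "93.0.961.9"),
    ("ws-04", "chrome", "100.0.4896.60"),
    ("ws-05", "edge", "not installed"),
]

if __name__ == "__main__":
    for key, status in audit(SAMPLE).items():
        print(key, status)
```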
📡 Detection & Monitoring
Log Indicators:
- Browser crash reports with memory access violations
- Unexpected browser process termination
- WebApp installation failures
Network Indicators:
- Connections to suspicious domains followed by browser crashes
- Multiple rapid requests to WebApp installation endpoints
SIEM Query:
source="browser_crash_logs" AND (event_id="1000" OR event_id="1001") AND process_name="chrome.exe" AND memory_address_violation
🔗 References
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6/
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-30622