Vulnerability Spotlight: Use-after-free in Google Chrome could lead to code execution


Cisco Talos recently discovered an exploitable use-after-free vulnerability in Google Chrome.  

Google Chrome is a cross-platform web browser, and Chromium is the open-source version of the browser that other software developers also use to build their own browsers. This vulnerability exists in a specific object in the browser that's responsible for creating streams of audio and video.

TALOS-2021-1398 (CVE-2021-38008) is a use-after-free vulnerability that triggers if the user opens a specially crafted web page in Chrome. That page could trigger a use-after-free condition, which could lead to remote code execution on the targeted machine.

Cisco Talos worked with Google to ensure that this issue is resolved and an update is available for affected customers, all in adherence to Cisco's vulnerability disclosure policy.
