Piotr Bania of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.

Cisco Talos recently discovered two use-after-free vulnerabilities in Google’s Web Audio API that an adversary could exploit to execute code remotely on the victim machine. Web Audio API is a high-level JavaScript API for processing and synthesizing audio in web applications. These vulnerabilities specifically exist in the Google Chrome web browser’s implementation of this API.

In accordance with our coordinated disclosure policy, Cisco Talos worked with Google to ensure that these issues are resolved and an update is available for affected customers.

Vulnerability details

Google Chrome WebAudio blink::AudioNodeOutput::Pull code execution vulnerability (TALOS-2021-1251/CVE-2021-30522)

A code execution vulnerability exists in the WebAudio blink::AudioNodeOutput::Pull functionality of Google Chrome 90.0.4405.0 (Build) (64-bit) and 88.0.4324.146 (Official version) (64-bit). A specially crafted web page can lead to a use-after-free condition. An attacker could exploit this vulnerability by tricking a user into opening a specially crafted web page.

Read the complete vulnerability advisory here for additional information.

Versions tested

Talos tested and confirmed that TALOS-2021-1251 affects the 64-bit versions of Google Chrome, versions 88.0.4324.146 and 90.0.4405.0.

Coverage

The following SNORT® rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 55036, 55037