Google Chrome Bug Worth $6K: Use After Free (CVE-2021-30573)

As the S4E team, we are always interested in new vulnerabilities and challenging bounty programs. Although we focus on customer feedback on our products in the early stage of our startup, we conduct various vulnerability studies whenever we can.

One of them is the use after free vulnerability that we detected in the latest version of Google Chrome.

How Did We Detect the Google Chrome Use After Free Vulnerability?

During product development we noticed that our Chrome process and the operating system crashed when a long warning message was written into the options of an HTML select element.

We debugged the Google Chrome browser and found that the following error message was written to the log when we triggered the crash by typing a specific number and some special characters (including some HTML tags) into the options of the select element.

==40998==ERROR: AddressSanitizer: heap-use-after-free on address 0x61600000dce4 at pc 0x55e40c87ca32 bp 0x7ffdb5e46fd0 sp 0x7ffdb5e46fc8
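To show how such an AddressSanitizer report line is read during crash triage, here is an added example (not S4E's or Chromium's code) that parses the header line quoted above into its fields; the sample line is the one from this post, and the severity ranking is an assumption for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Header line of an AddressSanitizer report, e.g.
# ==40998==ERROR: AddressSanitizer: heap-use-after-free on address 0x... at pc 0x... bp 0x... sp 0x...
ASAN_HEADER = re.compile(
    r"^==(?P<pid>\d+)==ERROR: AddressSanitizer: (?P<kind>[\w-]+)"
    r"(?: on (?:unknown )?address (?P<addr>0x[0-9a-fA-F]+))?"
    r"(?: at pc (?P<pc>0x[0-9a-fA-F]+) bp (?P<bp>0x[0-9a-fA-F]+) sp (?P<sp>0x[0-9a-fA-F]+))?"
)

# Assumed triage ranking (illustrative, not an ASan or Chromium scale): classes that
# let freed or out-of-bounds memory be reused are ranked above a plain bad dereference.
SEVERITY = {
    "heap-use-after-free": "high",
    "heap-buffer-overflow": "high",
    "stack-buffer-overflow": "high",
    "double-free": "high",
    "SEGV": "medium",
}

@dataclass
class AsanReport:
    pid: int
    kind: str
    address: Optional[int]
    pc: Optional[int]
    severity: str

def _hex_or_none(s: Optional[str]) -> Optional[int]:
    return int(s, 16) if s else None

def parse_asan_header(line: str) -> Optional[AsanReport]:
    """Parse the first line of an ASan report; return None if the line is not one."""
    m = ASAN_HEADER.match(line.strip())
    if not m:
        return None
    return AsanReport(
        pid=int(m["pid"]),
        kind=m["kind"],
        address=_hex_or_none(m["addr"]),
        pc=_hex_or_none(m["pc"]),
        severity=SEVERITY.get(m["kind"], "unknown"),
    )

# Constructed sample: the exact header line reported in this post.
SAMPLE = ("==40998==ERROR: AddressSanitizer: heap-use-after-free on address 0x61600000dce4 "
          "at pc 0x55e40c87ca32 bp 0x7ffdb5e46fd0 sp 0x7ffdb5e46fc8")

if __name__ == "__main__":
    print(parse_asan_header(SAMPLE))
```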

The operating system and Google Chrome versions on which we detected the vulnerability are as follows:

VERSION

Chrome Version: [91.0.4472.77] + [stable] (Official Build) (64-bit)

Operating System: [Kali GNU/Linux version 2020.1, Ubuntu version 20.04.2 LTS, Ubuntu version 20.04.1 LTS]

Posted by SH
