CVE-2021-21206
Vexday Risk Score
51 · Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 8.8 · EPSS 9.4% · KEV yes · PoC — · Nuclei — · Metasploit — · Patch referenced
Lifecycle
26 Apr 2021: Published on NVD
03 Nov 2021: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
Google Chrome had a flaw where it could use memory that was already freed, allowing attackers to corrupt the system's memory through a malicious webpage. This could lead to crashes or potentially allow an attacker to run malicious code.
Technical detail
Use-after-free vulnerability in Blink rendering engine allowing remote code execution via crafted HTML. Attack vector: opening a malicious webpage; impact: heap corruption potentially leading to arbitrary code execution. Fixed in Chrome 89.0.4389.128.
Summary generated and translated by AI from the official description.
Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chrome
References
https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html
https://crbug.com/1196781
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A/
https://security.gentoo.org/glsa/202104-08
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21206