VIR Vulnerability Intelligence Relay

CVE-2021-21193

high KEV
Published 2021-11-03 · Modified 2021-11-03
CVSS v3
CVSS v2
VIR risk
9.5

Description

Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

CISA KEV

Vendor
Google
Product
Chromium Blink
Due date
2021-11-17

Predictions

Exploit likelihood
99%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://nvd.nist.gov/vuln/detail/CVE-2021-21193

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2021-21193

vendor Authored 2026-05-27

Vendor advisory: arch — https://security.archlinux.org/ASA-202103-9

vendor Authored 2026-05-27

Vendor advisory: arch — https://security.archlinux.org/ASA-202103-19

Exploits

OS impact
OSVersionStatusFixed in
arch archfixed3.7.2218.45-1
debian debianbookwormfixed89.0.4389.90-1
debian debianbullseyefixed89.0.4389.90-1
debian debianforkyfixed89.0.4389.90-1
debian debiansidfixed89.0.4389.90-1
debian debiantrixiefixed89.0.4389.90-1

References

Verify integrity in audit chain (admin only). AS-IS.