VIR Vulnerability Intelligence Relay

CVE-2021-21224

high KEV
Published 2021-11-03 · Modified 2021-11-03
CVSS v3
CVSS v2
VIR risk
9.5

Description

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

CISA KEV

Vendor
Google
Product
Chromium V8
Due date
2021-11-17

Predictions

Exploit likelihood
99%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://nvd.nist.gov/vuln/detail/CVE-2021-21224

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2021-21224

vendor Authored 2026-05-27

Vendor advisory: arch — https://security.archlinux.org/ASA-202104-7

Exploits

OS impact
OSVersionStatusFixed in
arch archfixed3.7.2218.58-1
debian debianbookwormfixed90.0.4430.85-1
debian debianbullseyefixed90.0.4430.85-1
debian debianforkyfixed90.0.4430.85-1
debian debiansidfixed90.0.4430.85-1
debian debiantrixiefixed90.0.4430.85-1

References

Verify integrity in audit chain (admin only). AS-IS.