CVE-2021-21193
published 2021-03-16

CVE-2021-21193: Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Priority: P1 · 82 · Severity: high · CVSS 3.1: 8.8
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA Known Exploited Vulnerability (remediation due 2021-11-17) · Exploited in the wild
EPSS: 9.87% (95.0th percentile)
Affected (11 ranges)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 89.0.4389.90-1 | 89.0.4389.90-1 |
| chromium | chromium | >= 0 < 89.0.4389.90-1 | 89.0.4389.90-1 |
| chromium | chromium | >= 0 < 89.0.4389.90-1 | 89.0.4389.90-1 |
| chromium | chromium | >= 0 < 89.0.4389.90-1 | 89.0.4389.90-1 |
| debian | chromium | < chromium 89.0.4389.90-1 (bookworm) | chromium 89.0.4389.90-1 (bookworm) |
| debian | debian_linux | — | — |
| fedoraproject | fedora | — | — |
| — | chrome | < 89.0.4389.90 | 89.0.4389.90 |
| — | chrome | >= unspecified < 89.0.4389.90 | 89.0.4389.90 |
| — | chrome_chrome | — | — |
| msrc | microsoft_edge | — | — |
Detection & IOCs (extracted from sources)
- CVE-2021-21193 is confirmed exploited in the wild (CISA KEV); flag Google Chrome versions prior to 89.0.4389.90 and Microsoft Edge (Chromium-based) versions prior to 89.0.774.54 in use on endpoints.
- The vulnerability resides in the Blink rendering engine; network/proxy logs showing crafted HTML page delivery to unpatched Chromium-based browsers (Chrome < 89.0.4389.90, Edge < 89.0.774.54) should be treated as suspicious.
- Prioritize patching across all Chromium-based browsers (Chrome, Edge, Opera), as all are potentially affected by this Blink use-after-free.
- No public proof-of-concept or exploit payload details are available in the sources; the attack vector is a crafted HTML page delivered remotely, but no specific IOC (hash, URL, domain) for the exploit has been published in these sources.
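The first detection item above reduces to a version check against the fixed builds (Chrome 89.0.4389.90, Edge 89.0.774.54). The script below is an added example, not code from this advisory or from any of the cited vendors: it flags rows of a constructed endpoint inventory whose browser build is older than the fixed build, comparing version components as integers rather than as text (a plain string comparison would sort the later build `89.0.4389.114` before `89.0.4389.90`). The hostnames, the inventory lines and the `chromium` Debian-style version with a `-1` package revision are constructed sample data; the thresholds are the ones quoted on this page.

```python
"""Added example: flag endpoint browser builds still below the CVE-2021-21193 fix.

Thresholds are the fixed builds named in the advisory above. The inventory
below is constructed sample data, not real telemetry.
"""
from __future__ import annotations

import re

# First non-vulnerable build per product, as quoted in the advisory text.
FIXED_IN: dict[str, tuple[int, ...]] = {
    "chrome": (89, 0, 4389, 90),
    "chromium": (89, 0, 4389, 90),   # same Blink build as Chrome
    "edge": (89, 0, 774, 54),        # Edge (Chromium-based) build carrying 89.0.4389.90
}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '89.0.4389.90' or the Debian form '89.0.4389.90-1' into an int tuple.

    The Debian package revision after '-' is dropped: it does not change the
    upstream Chromium build the advisory thresholds refer to.
    """
    upstream = text.strip().split("-", 1)[0]
    if not re.fullmatch(r"\d+(\.\d+)*", upstream):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in upstream.split("."))


def is_affected(product: str, version: str) -> bool:
    """True when the installed build is older than the fixed build.

    Comparison is component-wise on integers. A plain string comparison would
    be wrong: '89.0.4389.114' sorts before '89.0.4389.90' as text but is the
    newer (patched) build.
    """
    key = product.strip().lower()
    if key not in FIXED_IN:
        raise ValueError(f"no threshold known for product {product!r}")
    installed = parse_version(version)
    fixed = FIXED_IN[key]
    width = max(len(installed), len(fixed))

    def pad(parts: tuple[int, ...]) -> tuple[int, ...]:
        # Treat missing trailing components as zero so tuples compare evenly.
        return parts + (0,) * (width - len(parts))

    return pad(installed) < pad(fixed)


# Constructed sample inventory (hypothetical hosts): "hostname,product,version".
SAMPLE_INVENTORY = """\
ws-001,chrome,88.0.4324.182
ws-002,edge,89.0.774.48
ws-003,chrome,89.0.4389.90
ws-004,edge,89.0.774.54
srv-010,chromium,89.0.4389.90-1
ws-005,chrome,89.0.4389.114
ws-006,firefox,86.0
"""


def flag_inventory(csv_text: str) -> list[tuple[str, str, str]]:
    """Return (host, product, version) for every row still on an affected build.

    Rows for products the advisory does not cover, or with malformed versions,
    are skipped rather than silently treated as safe; review them separately.
    """
    flagged: list[tuple[str, str, str]] = []
    for line in csv_text.splitlines():
        if not line.strip():
            continue
        host, product, version = (field.strip() for field in line.split(",", 2))
        try:
            if is_affected(product, version):
                flagged.append((host, product, version))
        except ValueError:
            continue  # out of scope for this check
    return flagged


if __name__ == "__main__":
    for host, product, version in flag_inventory(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is below the fixed build for CVE-2021-21193")
```

Running the block prints the two constructed hosts whose builds predate the fix (`ws-001` on Chrome 88 and `ws-002` on Edge 89.0.774.48); hosts exactly on the fixed build, the later Chrome 89.0.4389.114 build, and the Firefox row are not flagged.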
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 8.8 | HIGH | — |
| vulncheck | — | 8.8 | HIGH | — |
| cisa | — | 8.8 | HIGH | — |
| vendor_debian | — | 8.8 | HIGH | — |
| vendor_msrc | — | 8.8 | HIGH | — |
GHSA
GHSA-hf6r-r2hj-f2g7: Use after free in Blink in Google Chrome prior to 89
ghsa_unreviewed·2022-05-24
CVE-2021-21193 [HIGH] CWE-416 GHSA-hf6r-r2hj-f2g7: Use after free in Blink in Google Chrome prior to 89
Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Project0
The More You Know, The More You Know You Don’t Know - Project Zero
project_zero·2022-04-01
CVE-2016-4654 The More You Know, The More You Know You Don’t Know - Project Zero
A Year in Review of 0-days Used In-the-Wild in 2021
Posted by Maddie Stone, Google Project Zero
This is our third annual year in review of 0-days exploited in-the-wild [2020, 2019]. Each year we’ve looked back at all of the detected and disclosed in-the-wild 0-days as a group and synthesized what we think the trends and takeaways are. The goal of this report is not to detail each individual exploit, but instead to analyze the exploits from the year as a group, looking for trends, gaps, lessons learned, successes, etc. If you’re interested in the analysis of individual exploits, please check out our root cause analysis repository.
We perform and share this analysis in order to make 0-day hard. We want it to be more costly, more resource intensive, and overall more difficult for
OSV
CVE-2021-21193: Use after free in Blink in Google Chrome prior to 89
osv·2021-03-16·CVSS 8.8
CVE-2021-21193 [HIGH] CVE-2021-21193: Use after free in Blink in Google Chrome prior to 89
Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
VulnCheck
Google Chromium Blink Use-After-Free Vulnerability
vulncheck·2021·CVSS 8.8
CVE-2021-21193 [HIGH] CWE-416 Google Chromium Blink Use-After-Free Vulnerability
Google Chromium Blink Use-After-Free Vulnerability
Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Affected: Google Chromium Blink
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2021-11-17
CISA
Google Chromium Blink Use-After-Free Vulnerability
cisa·2021-11-03·CVSS 8.8
CVE-2021-21193 [HIGH] CWE-416 Google Chromium Blink Use-After-Free Vulnerability
Vulnerability: Google Chromium Blink Use-After-Free Vulnerability
Affected: Google Chromium Blink
Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-21193
Remediation Due Date: 2021-11-17
Chrome
Stable Channel Update for Desktop: CVE-2021-21191
vendor_chrome·2021-03-12·CVSS 8.8
CVE-2021-21191 [HIGH] Stable Channel Update for Desktop: CVE-2021-21191
Stable Channel Update for Desktop
- CVE-2021-21191: Use after free in WebRTC. Reported by raven (@raid_akame) on 2021-01-15
- [$TBD][1181387] High CVE-2021-21192: Heap buffer overflow in tab groups. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-23
- [$TBD][1186287] High CVE-2021-21193: Use after free in Blink
Severity: high
Microsoft
Chromium CVE-2021-21193: Use after free in Blink
vendor_msrc·2021-03-09·CVSS 8.8
CVE-2021-21193 [HIGH] Chromium CVE-2021-21193: Use after free in Blink
Chromium CVE-2021-21193: Use after free in Blink
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
This CVE has been reported to be exploited in the wild.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 89.0.774.54 | 3/13/2021 | 89.0.4389.90 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerab
Debian
CVE-2021-21193: chromium - Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote ...
vendor_debian·2021·CVSS 8.8
CVE-2021-21193 [HIGH] CVE-2021-21193: chromium - Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote ...
Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 89.0.4389.90-1)
bullseye: resolved (fixed in 89.0.4389.90-1)
forky: resolved (fixed in 89.0.4389.90-1)
sid: resolved (fixed in 89.0.4389.90-1)
trixie: resolved (fixed in 89.0.4389.90-1)
No detection rules found.
No public exploits indexed.
Qualys
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
blogs_qualys·2022-02-23
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
#### Table of Contents
- Situation
- Directive Scope
- CISA Catalog of Known Exploited Vulnerabilities
- Detect CISA Vulnerabilities Using Qualys VMDR
- CISA Exploited RTI
- Detailed Operational Dashboard
- Remediation
- Federal Enterprises and Agencies Can Act Now
- Summary
- Getting Started
CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively.
## Situation
Last November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directiv
Qualys
Qualys Response to CISA Alert: Binding Operational Directive 22-01
blogs_qualys·2021-11-09
Qualys Response to CISA Alert: Binding Operational Directive 22-01
## Table of Contents
Overview
Directive Scope
CISA Catalog of Known Exploited Vulnerabilities
Detect CISA's Vulnerabilities Using Qualys VMDR
Remediation
Federal Enterprises and Agencies Can Act Now
Summary
Getting Started
Start your VMDR 30-day, no-cost trial today
## Overview
On November 3, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directive 22-01 , “Reducing the Significant Risk of Known Exploited Vulnerabilities.” This directive recommends urgent and prioritized remediation of the vulnerabilities that adversaries are actively exploiting. It establishes a CISA-managed catalog of known exploited vulnerabilities that carry significant risk to the federal government and establishes requirements for agencies to remediate
Crowdstrike
Patch Tuesday 2021: A Vulnerability Deep Dive
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] Patch Tuesday 2021: A Vulnerability Deep Dive
References
- https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
- https://crbug.com/1186287
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N52OWF4BAP3JNK2QYGU3Q6QUVDZDCIMQ/
- https://security.gentoo.org/glsa/202104-08
- https://www.debian.org/security/2021/dsa-4886
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21193
Timeline
- 2021-03-16: Published
- 2021-11-03: Added to CISA KEV
- Exploited in the wild