CVE-2021-21206
published 2021-04-26

CVE-2021-21206: Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Priority: P1 82 · Severity: high · CVSS 3.1 base score: 8.8
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA Known Exploited Vulnerability (KEV), remediation due 2021-11-17
Exploited in the wild (ITW)
EPSS: 9.40% (94.8th percentile)

Affected (12 ranges)

Vendor          Product          Version range                           Fixed in
chromium        chromium         >= 0 < 90.0.4430.72-1                   90.0.4430.72-1
chromium        chromium         >= 0 < 90.0.4430.72-1                   90.0.4430.72-1
chromium        chromium         >= 0 < 90.0.4430.72-1                   90.0.4430.72-1
chromium        chromium         >= 0 < 90.0.4430.72-1                   90.0.4430.72-1
debian          chromium         < chromium 90.0.4430.72-1 (bookworm)    chromium 90.0.4430.72-1 (bookworm)
fedoraproject   fedora           -                                       -
fedoraproject   fedora           -                                       -
fedoraproject   fedora           -                                       -
google          chrome           < 89.0.4389.128                         89.0.4389.128
google          chrome           >= unspecified < 89.0.4389.128          89.0.4389.128
google          chrome_chrome    -                                       -
msrc            microsoft_edge   -                                       -

Detection & IOCs (extracted from sources)

  • CVE-2021-21206 is a use-after-free in Blink (Google Chrome < 89.0.4389.128) confirmed exploited in the wild; any Chrome, Edge or other Chromium-based browser below the fixed version should be flagged
  • The exploitation vector is a crafted HTML page delivered remotely; monitor for suspicious renderer process crashes or heap-corruption signals originating from the Blink rendering engine
  • This vulnerability can affect multiple Chromium-based browsers beyond Chrome; broaden detection scope to include Microsoft Edge and Opera
  • Severity is rated High by Chrome; exploitation is in the wild per Microsoft MSRC
  • The vulnerability was reported anonymously, limiting threat-actor attribution for targeted detection

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             v3.1      8.8     HIGH       CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd             v2.0      6.8     MEDIUM     AV:N/AC:M/Au:N/C:P/I:P/A:P
osv             -         8.8     HIGH       -
vulncheck       -         8.8     HIGH       -
cisa            -         8.8     HIGH       -
vendor_debian   -         8.8     HIGH       -
vendor_msrc     -         8.8     HIGH       -