CVE-2021-21206
In short
Google Chrome had a flaw in which it could use memory that had already been freed, allowing an attacker to corrupt the browser's heap memory through a malicious webpage. This could lead to crashes or potentially allow the attacker to run malicious code.
Technical detail
Use-after-free vulnerability in Blink rendering engine allowing remote code execution via crafted HTML. Attack vector: opening a malicious webpage; impact: heap corruption potentially leading to arbitrary code execution. Fixed in Chrome 89.0.4389.128.
Summary generated and translated by AI from the official description.
Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chrome
References
https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html
https://crbug.com/1196781
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A/
https://security.gentoo.org/glsa/202104-08
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21206