VulnerableCode Vulnerability Details

System	Score	Found at
epss	0.06498	https://api.first.org/data/v1/epss?cve=CVE-2021-37973
epss	0.06498	https://api.first.org/data/v1/epss?cve=CVE-2021-37973
epss	0.06498	https://api.first.org/data/v1/epss?cve=CVE-2021-37973
epss	0.06498	https://api.first.org/data/v1/epss?cve=CVE-2021-37973
epss	0.06498	https://api.first.org/data/v1/epss?cve=CVE-2021-37973
epss	0.06664	https://api.first.org/data/v1/epss?cve=CVE-2021-37973
epss	0.06664	https://api.first.org/data/v1/epss?cve=CVE-2021-37973
epss	0.06664	https://api.first.org/data/v1/epss?cve=CVE-2021-37973
cvssv3.1	9.6	https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html
ssvc	Attend	https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html
cvssv3.1	9.6	https://crbug.com/1251727
ssvc	Attend	https://crbug.com/1251727
cvssv3.1	9.6	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/
ssvc	Attend	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/
cvssv3.1	9.6	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/
ssvc	Attend	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/
archlinux	High	https://security.archlinux.org/AVG-2419
archlinux	High	https://security.archlinux.org/AVG-2426
cvssv3.1	9.6	https://www.debian.org/security/2022/dsa-5046
ssvc	Attend	https://www.debian.org/security/2022/dsa-5046

System

Score

Found at

epss

0.06498

https://api.first.org/data/v1/epss?cve=CVE-2021-37973

epss

0.06498

https://api.first.org/data/v1/epss?cve=CVE-2021-37973

epss

0.06498

https://api.first.org/data/v1/epss?cve=CVE-2021-37973

epss

0.06498

https://api.first.org/data/v1/epss?cve=CVE-2021-37973

epss

0.06498

https://api.first.org/data/v1/epss?cve=CVE-2021-37973

epss

0.06664

https://api.first.org/data/v1/epss?cve=CVE-2021-37973

epss

0.06664

https://api.first.org/data/v1/epss?cve=CVE-2021-37973

epss

0.06664

https://api.first.org/data/v1/epss?cve=CVE-2021-37973

cvssv3.1

9.6

https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html

ssvc

Attend

https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html

cvssv3.1

9.6

https://crbug.com/1251727

ssvc

Attend

https://crbug.com/1251727

cvssv3.1

9.6

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/

ssvc

Attend

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/

cvssv3.1

9.6

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/

ssvc

Attend

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/

archlinux

High

https://security.archlinux.org/AVG-2419

archlinux

High

https://security.archlinux.org/AVG-2426

cvssv3.1

9.6

https://www.debian.org/security/2022/dsa-5046

ssvc

Attend

https://www.debian.org/security/2022/dsa-5046

Reference id

Reference type

URL

https://api.first.org/data/v1/epss?cve=CVE-2021-37973

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30558

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37956

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37957

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37958

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37959

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37961

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37962

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37963

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37964

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37965

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37966

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37967

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37968

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37969

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37970

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37971

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37972

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37973

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37974

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37975

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37976

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37977

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37978

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37979

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37980

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37981

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37982

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37983

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37984

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37985

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37986

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37987

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37988

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37989

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37990

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37991

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37992

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37993

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37994

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37995

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37996

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37997

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37998

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37999

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38000

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38001

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38002

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38003

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38004

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38005

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38006

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38007

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38008

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38009

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38010

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38011

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38012

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38013

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38014

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38015

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38016

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38017

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38018

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38019

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38020

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38021

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38022

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4052

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4053

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4054

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4055

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4056

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4057

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4058

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4059

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4061

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4062

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4063

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4064

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4065

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4066

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4067

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4068

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4078

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4079

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4098

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4099

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4100

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4101

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4102

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4316

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4317

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4318

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4319

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4320

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4321

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4322

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0096

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0097

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0098

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0099

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0100

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0101

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0102

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0103

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0104

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0105

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0106

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0107

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0108

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0109

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0110

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0111

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0112

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0113

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0114

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0115

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0116

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0117

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0118

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0120

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4924

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4925

1251727

https://crbug.com/1251727

4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/

AVG-2419

https://security.archlinux.org/AVG-2419

AVG-2426

https://security.archlinux.org/AVG-2426

dsa-5046

https://www.debian.org/security/2022/dsa-5046

GLSA-202201-02

https://security.gentoo.org/glsa/202201-02

PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/

stable-channel-update-for-desktop_24.html

https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html

Data source	KEV
Date added	Nov. 3, 2021
Description	Google Chromium Portals contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge.
Required action	Apply updates per vendor instructions.
Due date	Nov. 17, 2021
Note	https://nvd.nist.gov/vuln/detail/CVE-2021-37973
Ransomware campaign use	Unknown

KEV

Nov. 3, 2021

Google Chromium Portals contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge.

Apply updates per vendor instructions.

Nov. 17, 2021

https://nvd.nist.gov/vuln/detail/CVE-2021-37973

Unknown

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T15:09:22Z/ Found at https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://crbug.com/1251727

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T15:09:22Z/ Found at https://crbug.com/1251727

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T15:09:22Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://www.debian.org/security/2022/dsa-5046

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T15:09:22Z/ Found at https://www.debian.org/security/2022/dsa-5046

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:02:07.154284+00:00	Gentoo Importer	Import	https://security.gentoo.org/glsa/202201-02	38.0.0

2026-04-01T13:02:07.154284+00:00

Gentoo Importer

Import

https://security.gentoo.org/glsa/202201-02

38.0.0

Vulnerability ID	VCID-97tf-qk7p-nqd6
Aliases	CVE-2021-37973
Summary	Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code.
Status	Published
Exploitability	2.0
Weighted Severity	8.6
Risk	10.0
Affected and Fixed Packages	Package Details

Percentile	0.91073
EPSS Score	0.06498
Published At	April 7, 2026, 12:55 p.m.