Search for vulnerabilities
Vulnerability details: VCID-ec2h-amcb-vbab
Vulnerability ID VCID-ec2h-amcb-vbab
Aliases CVE-2021-21193
Summary Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
epss 0.09663 https://api.first.org/data/v1/epss?cve=CVE-2021-21193
epss 0.09663 https://api.first.org/data/v1/epss?cve=CVE-2021-21193
epss 0.12582 https://api.first.org/data/v1/epss?cve=CVE-2021-21193
epss 0.12582 https://api.first.org/data/v1/epss?cve=CVE-2021-21193
epss 0.12582 https://api.first.org/data/v1/epss?cve=CVE-2021-21193
epss 0.12582 https://api.first.org/data/v1/epss?cve=CVE-2021-21193
epss 0.12582 https://api.first.org/data/v1/epss?cve=CVE-2021-21193
epss 0.12582 https://api.first.org/data/v1/epss?cve=CVE-2021-21193
epss 0.12582 https://api.first.org/data/v1/epss?cve=CVE-2021-21193
epss 0.12582 https://api.first.org/data/v1/epss?cve=CVE-2021-21193
epss 0.12582 https://api.first.org/data/v1/epss?cve=CVE-2021-21193
epss 0.12582 https://api.first.org/data/v1/epss?cve=CVE-2021-21193
epss 0.12582 https://api.first.org/data/v1/epss?cve=CVE-2021-21193
epss 0.12582 https://api.first.org/data/v1/epss?cve=CVE-2021-21193
epss 0.12582 https://api.first.org/data/v1/epss?cve=CVE-2021-21193
epss 0.12582 https://api.first.org/data/v1/epss?cve=CVE-2021-21193
epss 0.12582 https://api.first.org/data/v1/epss?cve=CVE-2021-21193
epss 0.12582 https://api.first.org/data/v1/epss?cve=CVE-2021-21193
epss 0.12582 https://api.first.org/data/v1/epss?cve=CVE-2021-21193
epss 0.12582 https://api.first.org/data/v1/epss?cve=CVE-2021-21193
epss 0.12582 https://api.first.org/data/v1/epss?cve=CVE-2021-21193
cvssv3.1 8.8 https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
ssvc Attend https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
cvssv3.1 8.8 https://crbug.com/1186287
ssvc Attend https://crbug.com/1186287
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N52OWF4BAP3JNK2QYGU3Q6QUVDZDCIMQ/
ssvc Attend https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N52OWF4BAP3JNK2QYGU3Q6QUVDZDCIMQ/
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21193
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21193
archlinux High https://security.archlinux.org/AVG-1633
archlinux High https://security.archlinux.org/AVG-1683
cvssv3.1 8.8 https://security.gentoo.org/glsa/202104-08
ssvc Attend https://security.gentoo.org/glsa/202104-08
cvssv3.1 8.8 https://www.debian.org/security/2021/dsa-4886
ssvc Attend https://www.debian.org/security/2021/dsa-4886
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2021-21193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21159
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21161
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21162
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21163
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21165
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21168
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21170
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21171
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21172
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21173
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21174
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21175
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21176
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21178
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21179
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21180
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21181
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21182
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21184
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21185
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21186
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21187
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21188
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21192
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21194
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21196
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21197
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21198
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21200
1186287 https://crbug.com/1186287
202104-08 https://security.gentoo.org/glsa/202104-08
985142 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985142
ASA-202103-19 https://security.archlinux.org/ASA-202103-19
ASA-202103-9 https://security.archlinux.org/ASA-202103-9
AVG-1633 https://security.archlinux.org/AVG-1633
AVG-1683 https://security.archlinux.org/AVG-1683
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
CVE-2021-21193 https://nvd.nist.gov/vuln/detail/CVE-2021-21193
dsa-4886 https://www.debian.org/security/2021/dsa-4886
N52OWF4BAP3JNK2QYGU3Q6QUVDZDCIMQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N52OWF4BAP3JNK2QYGU3Q6QUVDZDCIMQ/
stable-channel-update-for-desktop_12.html https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
Data source KEV
Date added Nov. 3, 2021
Description Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required action Apply updates per vendor instructions.
Due date Nov. 17, 2021
Note 
https://nvd.nist.gov/vuln/detail/CVE-2021-21193
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:54:07Z/ Found at https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://crbug.com/1186287
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:54:07Z/ Found at https://crbug.com/1186287
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N52OWF4BAP3JNK2QYGU3Q6QUVDZDCIMQ/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:54:07Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N52OWF4BAP3JNK2QYGU3Q6QUVDZDCIMQ/
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2021-21193
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-21193
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202104-08
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:54:07Z/ Found at https://security.gentoo.org/glsa/202104-08
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2021/dsa-4886
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:54:07Z/ Found at https://www.debian.org/security/2021/dsa-4886
Exploit Prediction Scoring System (EPSS)
Percentile 0.92625
EPSS Score 0.09663
Published At Sept. 23, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:30:18.277285+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.21/community.json 37.0.0