Search for vulnerabilities
Vulnerability details: VCID-qqgy-jq6s-2fdx
Vulnerability ID VCID-qqgy-jq6s-2fdx
Aliases CVE-2021-21166
Summary Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
System Score Found at
epss 0.40875 https://api.first.org/data/v1/epss?cve=CVE-2021-21166
epss 0.41931 https://api.first.org/data/v1/epss?cve=CVE-2021-21166
epss 0.41931 https://api.first.org/data/v1/epss?cve=CVE-2021-21166
epss 0.41931 https://api.first.org/data/v1/epss?cve=CVE-2021-21166
epss 0.41931 https://api.first.org/data/v1/epss?cve=CVE-2021-21166
epss 0.41931 https://api.first.org/data/v1/epss?cve=CVE-2021-21166
epss 0.41931 https://api.first.org/data/v1/epss?cve=CVE-2021-21166
epss 0.41931 https://api.first.org/data/v1/epss?cve=CVE-2021-21166
epss 0.41931 https://api.first.org/data/v1/epss?cve=CVE-2021-21166
epss 0.41931 https://api.first.org/data/v1/epss?cve=CVE-2021-21166
epss 0.41931 https://api.first.org/data/v1/epss?cve=CVE-2021-21166
epss 0.41931 https://api.first.org/data/v1/epss?cve=CVE-2021-21166
epss 0.41931 https://api.first.org/data/v1/epss?cve=CVE-2021-21166
epss 0.41931 https://api.first.org/data/v1/epss?cve=CVE-2021-21166
epss 0.41931 https://api.first.org/data/v1/epss?cve=CVE-2021-21166
epss 0.41931 https://api.first.org/data/v1/epss?cve=CVE-2021-21166
epss 0.41931 https://api.first.org/data/v1/epss?cve=CVE-2021-21166
epss 0.41931 https://api.first.org/data/v1/epss?cve=CVE-2021-21166
epss 0.41931 https://api.first.org/data/v1/epss?cve=CVE-2021-21166
epss 0.41931 https://api.first.org/data/v1/epss?cve=CVE-2021-21166
epss 0.41931 https://api.first.org/data/v1/epss?cve=CVE-2021-21166
epss 0.43438 https://api.first.org/data/v1/epss?cve=CVE-2021-21166
cvssv3.1 8.8 https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
ssvc Attend https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
cvssv3.1 8.8 https://crbug.com/1177465
ssvc Attend https://crbug.com/1177465
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BBT54RKAE5XLMWSHLVUKJ7T2XHHYMXLH/
ssvc Attend https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BBT54RKAE5XLMWSHLVUKJ7T2XHHYMXLH/
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FE5SIKEVYTMDCC5OSXGOM2KRPYLHYMQX/
ssvc Attend https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FE5SIKEVYTMDCC5OSXGOM2KRPYLHYMQX/
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCIDZ77XUDMB2EBPPWCQXPEIJERDNSNT/
ssvc Attend https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCIDZ77XUDMB2EBPPWCQXPEIJERDNSNT/
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21166
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21166
archlinux High https://security.archlinux.org/AVG-1631
archlinux High https://security.archlinux.org/AVG-1633
cvssv3.1 8.8 https://security.gentoo.org/glsa/202104-08
ssvc Attend https://security.gentoo.org/glsa/202104-08
cvssv3.1 8.8 https://www.debian.org/security/2021/dsa-4886
ssvc Attend https://www.debian.org/security/2021/dsa-4886
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2021-21166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21159
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21161
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21162
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21163
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21165
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21168
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21170
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21171
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21172
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21173
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21174
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21175
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21176
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21178
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21179
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21180
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21181
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21182
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21184
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21185
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21186
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21187
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21188
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21192
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21194
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21196
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21197
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21198
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21200
1177465 https://crbug.com/1177465
202104-08 https://security.gentoo.org/glsa/202104-08
ASA-202103-19 https://security.archlinux.org/ASA-202103-19
AVG-1631 https://security.archlinux.org/AVG-1631
AVG-1633 https://security.archlinux.org/AVG-1633
BBT54RKAE5XLMWSHLVUKJ7T2XHHYMXLH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BBT54RKAE5XLMWSHLVUKJ7T2XHHYMXLH/
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
CVE-2021-21166 https://nvd.nist.gov/vuln/detail/CVE-2021-21166
dsa-4886 https://www.debian.org/security/2021/dsa-4886
FE5SIKEVYTMDCC5OSXGOM2KRPYLHYMQX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FE5SIKEVYTMDCC5OSXGOM2KRPYLHYMQX/
LCIDZ77XUDMB2EBPPWCQXPEIJERDNSNT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCIDZ77XUDMB2EBPPWCQXPEIJERDNSNT/
stable-channel-update-for-desktop.html https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
Data source KEV
Date added Nov. 3, 2021
Description Google Chromium contains a race condition vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required action Apply updates per vendor instructions.
Due date Nov. 17, 2021
Note 
https://nvd.nist.gov/vuln/detail/CVE-2021-21166
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:54:53Z/ Found at https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://crbug.com/1177465
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:54:53Z/ Found at https://crbug.com/1177465
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BBT54RKAE5XLMWSHLVUKJ7T2XHHYMXLH/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:54:53Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BBT54RKAE5XLMWSHLVUKJ7T2XHHYMXLH/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FE5SIKEVYTMDCC5OSXGOM2KRPYLHYMQX/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:54:53Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FE5SIKEVYTMDCC5OSXGOM2KRPYLHYMQX/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCIDZ77XUDMB2EBPPWCQXPEIJERDNSNT/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:54:53Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCIDZ77XUDMB2EBPPWCQXPEIJERDNSNT/
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2021-21166
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-21166
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202104-08
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:54:53Z/ Found at https://security.gentoo.org/glsa/202104-08
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2021/dsa-4886
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:54:53Z/ Found at https://www.debian.org/security/2021/dsa-4886
Exploit Prediction Scoring System (EPSS)
Percentile 0.97296
EPSS Score 0.40875
Published At Sept. 25, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:28:41.677692+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.17/community.json 37.0.0