Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-u8ag-fqsw-1yb7
Vulnerability ID VCID-u8ag-fqsw-1yb7
Aliases CVE-2021-21193
Summary Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.21278 https://api.first.org/data/v1/epss?cve=CVE-2021-21193
epss 0.21278 https://api.first.org/data/v1/epss?cve=CVE-2021-21193
epss 0.21278 https://api.first.org/data/v1/epss?cve=CVE-2021-21193
epss 0.21278 https://api.first.org/data/v1/epss?cve=CVE-2021-21193
epss 0.21278 https://api.first.org/data/v1/epss?cve=CVE-2021-21193
epss 0.21278 https://api.first.org/data/v1/epss?cve=CVE-2021-21193
epss 0.21278 https://api.first.org/data/v1/epss?cve=CVE-2021-21193
epss 0.21278 https://api.first.org/data/v1/epss?cve=CVE-2021-21193
cvssv3.1 8.8 https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
ssvc Attend https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
cvssv3.1 8.8 https://crbug.com/1186287
ssvc Attend https://crbug.com/1186287
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N52OWF4BAP3JNK2QYGU3Q6QUVDZDCIMQ/
ssvc Attend https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N52OWF4BAP3JNK2QYGU3Q6QUVDZDCIMQ/
archlinux High https://security.archlinux.org/AVG-1633
archlinux High https://security.archlinux.org/AVG-1683
cvssv3.1 8.8 https://security.gentoo.org/glsa/202104-08
ssvc Attend https://security.gentoo.org/glsa/202104-08
cvssv3.1 8.8 https://www.debian.org/security/2021/dsa-4886
ssvc Attend https://www.debian.org/security/2021/dsa-4886
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2021-21193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21159
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21161
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21162
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21163
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21165
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21168
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21170
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21171
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21172
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21173
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21174
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21175
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21176
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21178
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21179
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21180
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21181
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21182
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21184
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21185
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21186
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21187
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21188
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21192
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21194
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21196
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21197
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21198
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21200
1186287 https://crbug.com/1186287
985142 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985142
ASA-202103-19 https://security.archlinux.org/ASA-202103-19
ASA-202103-9 https://security.archlinux.org/ASA-202103-9
AVG-1633 https://security.archlinux.org/AVG-1633
AVG-1683 https://security.archlinux.org/AVG-1683
dsa-4886 https://www.debian.org/security/2021/dsa-4886
GLSA-202104-08 https://security.gentoo.org/glsa/202104-08
N52OWF4BAP3JNK2QYGU3Q6QUVDZDCIMQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N52OWF4BAP3JNK2QYGU3Q6QUVDZDCIMQ/
stable-channel-update-for-desktop_12.html https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
Data source KEV
Date added Nov. 3, 2021
Description Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required action Apply updates per vendor instructions.
Due date Nov. 17, 2021
Note 
https://nvd.nist.gov/vuln/detail/CVE-2021-21193
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:54:07Z/ Found at https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://crbug.com/1186287
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:54:07Z/ Found at https://crbug.com/1186287
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N52OWF4BAP3JNK2QYGU3Q6QUVDZDCIMQ/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:54:07Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N52OWF4BAP3JNK2QYGU3Q6QUVDZDCIMQ/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202104-08
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:54:07Z/ Found at https://security.gentoo.org/glsa/202104-08
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2021/dsa-4886
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T16:54:07Z/ Found at https://www.debian.org/security/2021/dsa-4886
Exploit Prediction Scoring System (EPSS)
Percentile 0.95646
EPSS Score 0.21278
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:14:37.046699+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/202104-08 38.0.0