Published: 16/03/2021 Updated: 01/05/2021
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Use after free in Blink in Google Chrome before 89.0.4389.90 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

Vendor Advisories

Debian Bug report logs - #985142 chromium: CVE-2021-21193 (RCE) in Blink Package: chromium; Maintainer for chromium is Debian Chromium Team <chromium@packagesdebianorg>; Source for chromium is src:chromium (PTS, buildd, popcon) Reported by: Antonio Russo <aerusso@aerussonet> Date: Sat, 13 Mar 2021 15:42:01 UTC Se ...
A use after free security issue was found in the Blink component of the Chromium browser before version 890438990 Google is aware of reports that an exploit for this issue exists in the wild ...
Arch Linux Security Advisory ASA-202103-9 ========================================= Severity: High Date : 2021-03-13 CVE-ID : CVE-2021-21191 CVE-2021-21192 CVE-2021-21193 Package : chromium Type : arbitrary code execution Remote : Yes Link : securityarchlinuxorg/AVG-1683 Summary ======= The package chromium before version 89 ...
The Stable channel has been updated to 890438990 for Windows, Mac and Linux which will roll out over the coming days/weeksA full list of changes in this build is available in the log Interested in switching release channels?  Find out how here If you find a new issue, please let us know by filing a bug The community help forum is also a gre ...
Several vulnerabilites have been discovered in the chromium web browser CVE-2021-21159 Khalil Zhani disocvered a buffer overflow issue in the tab implementation CVE-2021-21160 Marcin Noga discovered a buffer overflow issue in WebAudio CVE-2021-21161 Khalil Zhani disocvered a buffer overflow issue in the tab implementation CVE-2021- ...
Arch Linux Security Advisory ASA-202103-19 ========================================== Severity: High Date : 2021-03-25 CVE-ID : CVE-2020-27844 CVE-2021-21159 CVE-2021-21160 CVE-2021-21161 CVE-2021-21162 CVE-2021-21163 CVE-2021-21165 CVE-2021-21166 CVE-2021-21167 CVE-2021-21168 CVE-2021-21169 CVE-2021-21170 CVE-202 ...

Recent Articles

Google fixes Chrome zero‑day bug exploited in the wild
welivesecurity • 16 Mar 2021

Google has rolled out an update for its Chrome web browser that fixes five security flaws, including a zero-day vulnerability that is known to be actively exploited by malicious actors. The bugs affect the Windows, macOS, and Linux versions of the popular browser.
“Google is aware of reports that an exploit for CVE-2021-21193 exists in the wild,” said Google about the newly disclosed zero-day vulnerability that stems from a use-after-free flaw in Blink, a browser rendering engine dev...

Google Warns Mac, Windows Users of Chrome Zero-Day Flaw
Threatpost • Lindsey O'Donnell • 15 Mar 2021

Google is hurrying out a fix for a vulnerability in its Chrome browser that’s under active attack – its third zero-day flaw so far this year. If exploited, the flaw could allow remote code-execution and denial-of-service attacks on affected systems.
The vulnerability exists in Blink, the browser engine for Chrome developed as part of the Chromium project. Browser engines convert HTML documents and other web page resources into the visual representations viewable to end users.

Google fixes second actively exploited Chrome zero-day this month
BleepingComputer • Sergiu Gatlan • 01 Jan 1970

Google has fixed a second actively exploited Chrome zero-day this month with the release of Chrome 89.0.4389.90 to the Stable desktop channel for Windows, Mac, and Linux users.
"Google is aware of reports that an exploit for CVE-2021-21193 exists in the wild," the release announcement
The zero-day tracked as
 is rated by Google as a high severity vulnerability and was reported by an Anonymous researcher on Tuesday.
Google describes it as a