CVE-2021-21201

CVSS 3.1 base score: 9.6 CRITICAL

📋 TL;DR

CVE-2021-21201 is a use-after-free in the permissions component of Google Chrome prior to 90.0.4430.72. It is not a remote entry point on its own: an attacker who has already compromised the renderer process (through a separate renderer bug delivered from a crafted HTML page) can use it to potentially escape the renderer sandbox into the privileged browser process, which runs with the logged-in user's privileges. All Chrome and Chromium-based builds prior to 90.0.4430.72 are affected.

💻 Affected Systems

Products:
  • Google Chrome
  • Chromium-based browsers
Versions: All versions prior to 90.0.4430.72
Operating Systems: Windows, Linux, macOS, Android
Default Config Vulnerable: ⚠️ Yes
Notes: Requires a prior renderer-process compromise, which in turn needs a separate renderer vulnerability, typically triggered by getting the user to load a crafted web page.

📦 What is this software?

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Sandbox escape into the browser process giving arbitrary code execution with the logged-in user's privileges, which is enough for persistence, theft of profile data (cookies, saved passwords) and local files, and lateral movement. Escalation beyond the user's privileges needs a further OS-level bug.

🟠

Likely Case

A renderer exploit chained with this bug gives the attacker what the browser process has: the user's profile data, any local file the user can read, and the ability to spawn processes. Privileges stay at the user level unless another vulnerability is chained.

🟢

If Mitigated

With no renderer compromise the bug is unreachable; on a patched build a compromised renderer stays confined to the sandbox.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires chaining with another vulnerability to first compromise renderer process, then exploiting this for sandbox escape.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 90.0.4430.72 and later

Vendor Advisory: https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html

Restart Required: Yes

Instructions:

1. Open Chrome and click the three-dot menu.
2. Go to Help > About Google Chrome.
3. Chrome automatically checks for updates and installs version 90.0.4430.72 or later.
4. Click 'Relaunch' to restart Chrome; the update is not active until the browser restarts.

🔧 Temporary Workarounds

Disable JavaScript

Applies to: all platforms

Lowers the chance of the initial renderer compromise, since almost every renderer exploit needs script; it does not touch this bug directly and breaks most web functionality. Per-site control is available at chrome://settings/content/javascript.

Use Site Isolation

Applies to: all platforms

Site Isolation has been on by default in desktop Chrome since version 67 and keeps each site in its own renderer, so a compromised renderer cannot read other sites' data. It does not block this bug: CVE-2021-21201 is exploited from an already-compromised renderer against the browser process, and Site Isolation does nothing to stop that transition. Treat it as damage limitation, not as a mitigation for this CVE.

To force it on, navigate to chrome://flags/#enable-site-per-process and enable it, launch Chrome with --site-per-process, or set the SitePerProcess enterprise policy.

🧯 If You Can't Patch

  • Restrict browsing to trusted sites, for example with the URLAllowlist/URLBlocklist enterprise policies, since exploitation starts from a crafted page.
  • Apply application control (allowlisting) on endpoints so that a payload launched from an escaped browser process cannot run arbitrary unsigned binaries.
  • Run the browser as a non-administrative user; a sandbox escape yields the user's privileges, so keep those minimal.

🔍 How to Verify

Check if Vulnerable:

Check the Chrome version at chrome://settings/help (Help > About Google Chrome). chrome://version shows the version of the running process, which matters when an update has been downloaded but Chrome has not been relaunched yet.

Check Version:

Linux: google-chrome --version (or google-chrome-stable / chromium --version)
macOS: "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" --version
Windows: chrome.exe --version does not print to the console; read the file version instead with PowerShell: (Get-Item "C:\Program Files\Google\Chrome\Application\chrome.exe").VersionInfo.ProductVersion

Verify Fix Applied:

Verify the version is 90.0.4430.72 or higher on the About Google Chrome page. Compare the four components numerically, not as strings (as strings, "100.0.4896.60" sorts before "90.0.4430.72").
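The version check above, as an added example (not Google tooling) that locates the browser binary in assumed default install locations, reads its version the way each platform allows, and compares the four components as integers against the fix version:

```python
"""Check an installed Chrome or Chromium build against the CVE-2021-21201 fix.

Added example for this page; it is not Google's tooling. Binary locations are
assumed default install paths. Versions are compared as integer tuples, not
strings: as strings "100.0.4896.60" sorts before "90.0.4430.72".
"""
import re
import shutil
import subprocess
import sys
from pathlib import Path
from typing import Optional, Tuple

Version = Tuple[int, int, int, int]

# First stable build carrying the fix, per the Chrome release announcement.
FIXED_VERSION: Version = (90, 0, 4430, 72)

# Assumed default locations / PATH names per platform.
LINUX_CANDIDATES = ["google-chrome", "google-chrome-stable", "chromium", "chromium-browser"]
MACOS_CANDIDATES = ["/Applications/Google Chrome.app/Contents/MacOS/Google Chrome"]
WINDOWS_CANDIDATES = [
    r"C:\Program Files\Google\Chrome\Application\chrome.exe",
    r"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe",
]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Pull the four-part version out of output such as
    'Google Chrome 89.0.4389.114' or 'Chromium 90.0.4430.72 snap'."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no Chrome-style version found in {text!r}")
    major, minor, build, patch = (int(p) for p in match.groups())
    return (major, minor, build, patch)


def is_vulnerable(version: Version) -> bool:
    """True for any build older than the first fixed version."""
    return tuple(version) < FIXED_VERSION


def installed_version() -> Optional[Version]:
    """Find the browser binary for this OS and read its version.

    Returns None when no binary is found. On Windows chrome.exe --version does
    not write to the console, so the file's ProductVersion is read via
    PowerShell instead.
    """
    if sys.platform.startswith("win"):
        for exe in WINDOWS_CANDIDATES:
            if Path(exe).exists():
                cmd = ["powershell", "-NoProfile", "-Command",
                       f"(Get-Item '{exe}').VersionInfo.ProductVersion"]
                return parse_version(subprocess.check_output(cmd, text=True))
        return None
    candidates = MACOS_CANDIDATES if sys.platform == "darwin" else LINUX_CANDIDATES
    for candidate in candidates:
        exe = candidate if Path(candidate).exists() else shutil.which(candidate)
        if exe:
            return parse_version(subprocess.check_output([exe, "--version"], text=True))
    return None


def main() -> int:
    version = installed_version()
    if version is None:
        print("no Chrome/Chromium binary found in the assumed locations")
        return 2
    vulnerable = is_vulnerable(version)
    state = "VULNERABLE, update and relaunch" if vulnerable else "patched"
    print(f"installed {'.'.join(map(str, version))}: {state}")
    return 1 if vulnerable else 0


if __name__ == "__main__":
    sys.exit(main())
```

The script reports the version of the binary on disk; a downloaded update that has not been relaunched leaves the old code running, so pair this with chrome://version on a live machine. The exit code (1 for vulnerable, 0 for patched, 2 for not found) makes it usable from fleet tooling.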

📡 Detection & Monitoring

Log Indicators:

  • Chrome crash reports showing access violations in the browser process (not in a renderer), which is where a failed escape attempt on this bug would land
  • Non-Chrome child processes (cmd.exe, powershell.exe, rundll32.exe and the like) spawned by chrome.exe, or any child spawned by a process that was launched with --type=renderer; sandboxed renderers never create processes themselves

Network Indicators:

  • Connections to known malicious domains followed by unusual local system activity

SIEM Query (pseudo-syntax; adapt field names to your platform):

parent_process_name:"chrome.exe" AND NOT process_name:("chrome.exe" OR "software_reporter_tool.exe")

and, as a second rule, any process whose parent command line contains "--type=renderer". Matching every chrome.exe child whose --type is not renderer is not useful: Chrome's own gpu-process, utility and crashpad-handler children all look like that and would fire constantly. Tune the helper allowlist to what your fleet actually spawns.
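Both rules run over constructed process-creation telemetry, as an added example (not a vendor rule). Field names follow Sysmon Event ID 1 (Image, ParentImage, ParentCommandLine) and will differ in other telemetry; the helper-binary allowlist is an assumed baseline, and the sample events are constructed, not real logs:

```python
"""Flag process-creation events that look like a Chrome sandbox escape.

Added example for this page, not a vendor rule. The events below are
constructed Sysmon Event ID 1-style records; field names (Image, ParentImage,
ParentCommandLine) follow Sysmon and will differ in other telemetry. The
helper-binary allowlist is an assumed baseline to be tuned per fleet.
"""
from typing import Dict, List

# Children the browser process is expected to launch. Assumed baseline.
EXPECTED_CHROME_CHILDREN = {
    "chrome.exe",                    # renderer, gpu, utility, crashpad-handler
    "software_reporter_tool.exe",    # Chrome Cleanup helper
    "chrome_pwa_launcher.exe",       # installed web apps
}


def _basename(image: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return image.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify(event: Dict[str, object]) -> List[str]:
    """Return the detection labels that apply to one event (empty if benign)."""
    hits: List[str] = []
    parent = _basename(str(event.get("ParentImage", "")))
    child = _basename(str(event.get("Image", "")))
    parent_cmd = str(event.get("ParentCommandLine", "")).lower()
    if parent != "chrome.exe":
        return hits
    # Sandboxed renderers never create processes; the browser process does
    # all spawning. Any child of a --type=renderer process is a strong signal.
    if "--type=renderer" in parent_cmd:
        hits.append("renderer_spawned_child")
    # The browser process running a binary outside its helper set is the
    # usual post-escape shape (payload launched via cmd, powershell, etc.).
    if child not in EXPECTED_CHROME_CHILDREN:
        hits.append("unexpected_chrome_child")
    return hits


def scan(events: List[Dict[str, object]]) -> List[tuple]:
    """(RecordId, labels) for every event that triggers at least one rule."""
    flagged = []
    for event in events:
        labels = classify(event)
        if labels:
            flagged.append((event["RecordId"], labels))
    return flagged


CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"

# Constructed sample telemetry (not real logs).
SAMPLE_EVENTS = [
    # 1: browser process spawning a renderer: normal.
    {"RecordId": 1, "ParentImage": CHROME, "ParentCommandLine": f'"{CHROME}"',
     "Image": CHROME, "CommandLine": f'"{CHROME}" --type=renderer --lang=en-US'},
    # 2: browser process spawning the GPU process: normal, although not a renderer.
    {"RecordId": 2, "ParentImage": CHROME, "ParentCommandLine": f'"{CHROME}"',
     "Image": CHROME, "CommandLine": f'"{CHROME}" --type=gpu-process'},
    # 3: browser process launching PowerShell: payload after a sandbox escape.
    {"RecordId": 3, "ParentImage": CHROME, "ParentCommandLine": f'"{CHROME}"',
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    # 4: a renderer process launching cmd.exe: sandbox bypassed outright.
    {"RecordId": 4, "ParentImage": CHROME,
     "ParentCommandLine": f'"{CHROME}" --type=renderer --lang=en-US',
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c whoami"},
    # 5: explorer launching Chrome: unrelated.
    {"RecordId": 5, "ParentImage": r"C:\Windows\explorer.exe",
     "ParentCommandLine": "explorer.exe", "Image": CHROME, "CommandLine": f'"{CHROME}"'},
]

if __name__ == "__main__":
    for record_id, labels in scan(SAMPLE_EVENTS):
        print(f"record {record_id}: {', '.join(labels)}")
```

Event 2 is the case the naive "--type is not renderer" query gets wrong: the GPU process is a normal child and produces no hit here, while events 3 and 4 are flagged. The renderer rule is the higher-fidelity of the two because it has almost no benign explanation.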
