Login Sign Up

CVE-2021-21223

9.6 CRITICAL

📋 TL;DR

This CVE describes an integer overflow vulnerability in Chrome's Mojo IPC framework that could allow a remote attacker who has already compromised the renderer process to escape the browser sandbox. The vulnerability affects Google Chrome versions prior to 90.0.4430.85. Users who visit malicious websites with vulnerable Chrome versions are at risk.

💻 Affected Systems

Products:
  • Google Chrome
  • Chromium-based browsers
Versions: Versions prior to 90.0.4430.85
Operating Systems: Windows, Linux, macOS, Android
Default Config Vulnerable: ⚠️ Yes
Notes: All default Chrome configurations with sandbox enabled are vulnerable. The vulnerability requires the attacker to first compromise the renderer process through another exploit.

📦 What is this software?

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...

Learn more about Chrome →

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise via sandbox escape leading to arbitrary code execution with the privileges of the Chrome process, potentially allowing installation of malware, data theft, or system takeover.

🟠

Likely Case

Attackers combine this vulnerability with other exploits to achieve full sandbox escape and execute arbitrary code on the target system.

🟢

If Mitigated

With proper controls like Chrome's sandbox enabled and up-to-date versions, the impact is limited to the sandboxed renderer process only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires chaining with another vulnerability to first compromise the renderer process. The integer overflow then enables sandbox escape.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 90.0.4430.85 and later

Vendor Advisory: https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html

Restart Required: Yes

Instructions:

1. Open Chrome and click the three-dot menu. 2. Go to Help > About Google Chrome. 3. Chrome will automatically check for updates and install version 90.0.4430.85 or later. 4. Click 'Relaunch' to restart Chrome with the update.

🔧 Temporary Workarounds

Disable JavaScript

all

Prevents initial renderer compromise by disabling JavaScript execution, though this breaks most web functionality.

🧯 If You Can't Patch

  • Restrict Chrome usage to trusted websites only
  • Implement application whitelisting to prevent unauthorized Chrome execution

🔍 How to Verify

Check if Vulnerable:

Check Chrome version by navigating to chrome://version/ and verifying version is below 90.0.4430.85

Check Version:

google-chrome --version

Verify Fix Applied:

Confirm Chrome version is 90.0.4430.85 or higher via chrome://version/

📡 Detection & Monitoring

Log Indicators:

  • Chrome crash reports with sandbox violation indicators
  • Unexpected Chrome child process termination

Network Indicators:

  • Unusual outbound connections from Chrome processes
  • Traffic to known exploit hosting domains

SIEM Query:

process_name:"chrome.exe" AND (event_id:1000 OR event_id:1001) AND description:"sandbox"

📊 Metadata

CVE ID: CVE-2021-21223
CVSS v3 Score: 9.6 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CWE: CWE-190
Published: April 26, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-21223, you might also want to check these:

CVE-2025-64721 10.0

This vulnerability in Sandboxie allows sandboxed processes to exploit an integer overflow in the Sbi...

Same vulnerability type (CWE-190)
CVE-2025-52581 9.8

An integer overflow vulnerability in libbiosig's GDF file parsing allows arbitrary code execution wh...

Same vulnerability type (CWE-190)
CVE-2025-53518 9.8

An integer overflow vulnerability in libbiosig's ABF file parser allows arbitrary code execution whe...

Same vulnerability type (CWE-190)