Vulnerability Details : CVE-2021-37973

Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Vulnerability category: Memory Corruption
Published 2021-10-08 22:15:08
Updated 2022-03-30 14:17:31
Source Chrome
View at NVD,
CVE-2021-37973 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Google Chromium Use-After-Free Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Google Chromium Portals contains a use-after-free vulnerability that allows a remote attacker, who had compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microso
Added on 2021-11-03 Action due date 2021-11-17

Exploit prediction scoring system (EPSS) score for CVE-2021-37973

Probability of exploitation activity in the next 30 days: 0.56%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 75 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-37973

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Source

CWE ids for CVE-2021-37973

  • Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
    Assigned by: (Primary)

References for CVE-2021-37973

Products affected by CVE-2021-37973

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to terms of use!