CVE-2021-21191

HIGH

Google Chrome <89.0.4389.90 - Use After Free

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-21191. PoCs published by JacobTaylor3.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2021-21191, leveraging a type confusion vulnerability in V8 to achieve arbitrary read/write and execute shellcode. The exploit uses WebAssembly and crafted JavaScript to bypass security checks and gain RCE.

Description

Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Exploits (1)

nomisec WORKING POC
by JacobTaylor3 · poc
https://github.com/JacobTaylor3/CVE-2021-21191---CVE-2021-21192

This repository contains a functional exploit for CVE-2021-21191, leveraging a type confusion vulnerability in V8 to achieve arbitrary read/write and execute shellcode. The exploit uses WebAssembly and crafted JavaScript to bypass security checks and gain RCE.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Chromium V8 (Chrome 88.0.4324.150)
No auth needed
Prerequisites: Specific Chromium build (848005) · No sandbox mode
devstral-2 · analyzed Apr 10, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://crbug.com/1167357
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2021/dsa-4886
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202104-08

Scores

CVSS v3 8.8
EPSS 0.0137
EPSS Percentile 68.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (3)
debian/debian_linux 10.0
fedoraproject/fedora 32
google/chrome < 89.0.4389.90
Published Mar 16, 2021
Tracked Since Feb 18, 2026