CVE-2021-38001

HIGH

Google Chrome <95.0.4638.69 - Heap Corruption

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-38001. PoCs published by Peterpan0927, maldiohead.

AI-analyzed exploit summary The repository contains only a minimal README with a single command to run a JavaScript file (2.mjs) using the V8 engine's d8 shell, but no actual exploit code or technical details are provided.

Description

Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Exploits (2)

nomisec STUB 23 stars

by Peterpan0927 · poc

https://github.com/Peterpan0927/TFC-Chrome-v8-bug-CVE-2021-38001-poc

View Code ZIP pw:eip

The repository contains only a minimal README with a single command to run a JavaScript file (2.mjs) using the V8 engine's d8 shell, but no actual exploit code or technical details are provided.

Classification

Stub 90%

Attack Type

Other

Complexity

Theoretical

Reliability

Theoretical

Target: Google Chrome V8 engine

No auth needed

Prerequisites: V8 engine (d8 shell) · JavaScript file (2.mjs)

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec STUB 6 stars

by maldiohead · poc

https://github.com/maldiohead/TFC-Chrome-v8-bug-CVE-2021-38001-poc

View Code ZIP pw:eip

The repository contains only a minimal README with a command to run a JavaScript file (2.mjs) using the V8 engine's d8 shell, but no actual exploit code or technical details are provided.

Classification

Stub 90%

Attack Type

Other

Complexity

Theoretical

Reliability

Theoretical

Target: Google Chrome V8 engine

No auth needed

Prerequisites: V8 engine (d8 shell) · JavaScript file (2.mjs)

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Release Notes, Vendor Advisory x_refsource_misc

https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html

Permissions Required, Vendor Advisory x_refsource_misc

https://crbug.com/1260577

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2022/dsa-5046

Scores

CVSS v3 8.8

EPSS 0.2670

EPSS Percentile 97.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-843

Status published

Products (4)

debian/debian_linux 10.0

debian/debian_linux 11.0

fedoraproject/fedora 34

google/chrome < 95.0.4638.69

Published Nov 23, 2021

Tracked Since Feb 18, 2026