CVE-2021-4102
HIGH KEVGoogle Chrome < 96.0.4664.110 - Use-After-Free in V8
Title source: llmExploitation Summary
CVE-2021-4102 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added December 15, 2021.
Description
Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References (3)
Core 3
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html
Third Party Advisory x_refsource_misc
https://crbug.com/1278387
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4102
Scores
CVSS v3
8.8
EPSS
0.0546
EPSS Percentile
90.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2021-12-15
VulnCheck KEV
2021-12-09
InTheWild.io
2021-12-09
ENISA EUVD
EUVD-2021-33987
CWE
CWE-416
Status
published
Products (1)
google/chrome
< 96.0.4664.110
Published
Feb 11, 2022
KEV Added
Dec 15, 2021
Tracked Since
Feb 18, 2026