CVE-2021-21151: Use after free in Payments

Reference Links

• https://security-tracker.debian.org/tracker/CVE-2021-21151
• https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html (Advisory)
• https://crbug.com/1165624
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BI6ZIJQYP5DFMYVX4J5OGOU2NQLEZ3SB/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FE5SIKEVYTMDCC5OSXGOM2KRPYLHYMQX/
• https://security.gentoo.org/glsa/202104-08
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BI6ZIJQYP5DFMYVX4J5OGOU2NQLEZ3SB/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FE5SIKEVYTMDCC5OSXGOM2KRPYLHYMQX/

Parent vulnerabilities

(Appears in the following advisories)

• 3736590772439839598

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2021-21149
• CVE-2021-21150
• CVE-2021-21152
• CVE-2021-21153
• CVE-2021-21154
• CVE-2021-21155
• CVE-2021-21156
• CVE-2021-21157

Frequently Asked Questions

• What is the severity of CVE-2021-21151?

  CVE-2021-21151 has been classified as a high severity vulnerability due to its potential for sandbox escape.

• How do I fix CVE-2021-21151?

  To fix CVE-2021-21151, update Google Chrome to version 88.0.4324.182 or later.

• What versions of Google Chrome are affected by CVE-2021-21151?

  CVE-2021-21151 affects Google Chrome versions prior to 88.0.4324.182.

• Can CVE-2021-21151 be exploited remotely?

  Yes, CVE-2021-21151 can potentially be exploited remotely via a crafted HTML page.

• Which operating systems are impacted by CVE-2021-21151?

  CVE-2021-21151 impacts various operating systems including Debian and Fedora running affected versions of Google Chrome.