What is CVE-2021-4102?

CVE-2021-4102 is a use-after-free vulnerability in the V8 engine in Google Chromium V8 Engine, allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page.

What is the severity of CVE-2021-4102?

The severity of CVE-2021-4102 is high with a CVSS score of 8.8.

Which software is affected by CVE-2021-4102?

Google Chromium V8 Engine and Google Chrome versions up to 96.0.4664.110 are affected by CVE-2021-4102.

How can I fix CVE-2021-4102?

To fix CVE-2021-4102, update your Google Chrome or Google Chromium V8 Engine to version 96.0.4664.110 or later.

Where can I find more information about CVE-2021-4102?

You can find more information about CVE-2021-4102 in the references provided: [1](https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html), [2](https://crbug.com/1278387), [3](https://security-tracker.debian.org/tracker/CVE-2021-4102).

Vulnerability/
CVE-2021-4102

Exploited

high

8.8

CWE

416

9/12/2021

11/2/2022

3/8/2024

CVE-2021-4102: Google Chromium V8 Use-After-Free Vulnerability

First published: Thu Dec 09 2021(Updated: )

Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Credit: chrome-cve-admin@google.com Anonymous chrome-cve-admin@google.com

Affected Software	Affected Version	How to fix
debian/chromium	<=90.0.4430.212-1~deb10u1	116.0.5845.180-1~deb11u1 118.0.5993.70-1~deb11u1 116.0.5845.180-1~deb12u1 118.0.5993.70-1~deb12u1 118.0.5993.70-1
Google Chrome	<96.0.4664.110
Google Chrome	<96.0.4664.110	96.0.4664.110
Google Chromium V8
	<96.0.4664.110

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

1169691578072612224

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is CVE-2021-4102?
CVE-2021-4102 is a use-after-free vulnerability in the V8 engine in Google Chromium V8 Engine, allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page.
What is the severity of CVE-2021-4102?
The severity of CVE-2021-4102 is high with a CVSS score of 8.8.
Which software is affected by CVE-2021-4102?
Google Chromium V8 Engine and Google Chrome versions up to 96.0.4664.110 are affected by CVE-2021-4102.
How can I fix CVE-2021-4102?
To fix CVE-2021-4102, update your Google Chrome or Google Chromium V8 Engine to version 96.0.4664.110 or later.
Where can I find more information about CVE-2021-4102?
You can find more information about CVE-2021-4102 in the references provided: [1](https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html), [2](https://crbug.com/1278387), [3](https://security-tracker.debian.org/tracker/CVE-2021-4102).

collector/security-tracker-debian
agent/type
collector/nvd-index
agent/software-canonical-lookup-request
agent/weakness
agent/title
agent/description
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/author
agent/first-publish-date
exploited/true
collector/chrome-releases
agent/software-canonical-lookup
agent/softwarecombine
agent/event
collector/cisa-known-exploited
source/CISA
agent/references
agent/tags
collector/nvd-cve
source/NVD
package-manager/debian
vendor/google
canonical/google chrome
canonical/google chromium v8