High severity8.8NVD Advisory· Published Nov 2, 2021· Updated Jun 17, 2026
CVE-2021-37977
CVE-2021-37977
Description
Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7- osv-coords5 versionspkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/opera&distro=openSUSE%20Leap%2015.2%20NonFreepkg:rpm/opensuse/opera&distro=openSUSE%20Leap%2015.3%20NonFreepkg:rpm/opensuse/opera&distro=openSUSE%20Leap%2015.4%20NonFree
< 94.0.4606.81-lp152.2.132.1+ 4 more
- (no CPE)range: < 94.0.4606.81-lp152.2.132.1
- (no CPE)range: < 94.0.4606.81-1.1
- (no CPE)range: < 80.0.4170.63-lp152.2.73.1
- (no CPE)range: < 80.0.4170.63-lp153.2.27.1
- (no CPE)range: < 85.0.4341.28-lp154.2.5.1
Patches
Vulnerability mechanics
References
4- chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.htmlnvdVendor Advisory
- crbug.com/1252878nvdPermissions RequiredVendor Advisory
- www.debian.org/security/2022/dsa-5046nvdThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNARCF5HEZK7GJXZRN5TQ45AQDCRM2WO/nvd
News mentions
0No linked articles in our index yet.