High severity8.8NVD Advisory· Published Nov 2, 2021· Updated Jun 17, 2026
CVE-2021-37993
CVE-2021-37993
Description
Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected products
9- osv-coords7 versionspkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/opera&distro=openSUSE%20Leap%2015.2%20NonFreepkg:rpm/opensuse/opera&distro=openSUSE%20Leap%2015.3%20NonFreepkg:rpm/opensuse/opera&distro=openSUSE%20Leap%2015.4%20NonFreepkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP3
< 95.0.4638.54-lp152.2.135.1+ 6 more
- (no CPE)range: < 95.0.4638.54-lp152.2.135.1
- (no CPE)range: < 95.0.4638.54-bp153.2.37.1
- (no CPE)range: < 95.0.4638.54-1.1
- (no CPE)range: < 81.0.4196.31-lp152.2.76.1
- (no CPE)range: < 81.0.4196.31-lp153.2.30.1
- (no CPE)range: < 85.0.4341.28-lp154.2.5.1
- (no CPE)range: < 95.0.4638.54-bp153.2.37.1
Patches
Vulnerability mechanics
References
3- chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.htmlnvdVendor Advisory
- crbug.com/1255332nvdPermissions RequiredVendor Advisory
- www.debian.org/security/2022/dsa-5046nvdThird Party Advisory
News mentions
0No linked articles in our index yet.