CVE-2021-21195: 
Node.js vulnerability analysis and mitigation

CVE-2021-21195 is a Use-after-free vulnerability discovered in the V8 JavaScript engine of Google Chrome versions prior to 89.0.4389.114. The vulnerability was reported by Bohan Liu (@P4nda20371774) and Moon Liang of Tencent Security Xuanwu Lab on February 26, 2021, and was awarded a $15,000 bounty (Chrome Release).

The vulnerability is classified as a Use-after-free (UAF) issue specifically affecting the V8 JavaScript engine in Google Chrome. This type of vulnerability occurs when the program continues to use a memory location after it has been freed, which can lead to program crashes or potential code execution. The issue was deemed serious enough to warrant a High severity rating and a significant bug bounty (Chrome Release).

The vulnerability allows a remote attacker to potentially exploit heap corruption via a crafted HTML page, which could lead to arbitrary code execution within the context of the browser (Debian Tracker).

The vulnerability was patched in Chrome version 89.0.4389.114. Users and administrators are advised to upgrade to this version or later to mitigate the risk. The fix was also incorporated into various Linux distributions including Fedora, Debian, and Gentoo through their respective security updates (Gentoo Security).