CVE-2021-21198: 
Node.js vulnerability analysis and mitigation

CVE-2021-21198 is a security vulnerability discovered in Google Chrome versions prior to 89.0.4389.114. The vulnerability was identified as an out-of-bounds read issue in the Inter-Process Communication (IPC) component of Chrome. It was reported by Mark Brand of Google Project Zero on March 3, 2021, and was patched in the stable channel update released on March 30, 2021 (Chrome Release).

The vulnerability is classified as a High severity issue with a CVSS v3.1 base score of 7.4. It involves an out-of-bounds read vulnerability in the IPC (Inter-Process Communication) component of Chrome. The vulnerability could be exploited through a crafted HTML page when the renderer process has been compromised (NVD).

If successfully exploited, this vulnerability could potentially allow a remote attacker who has already compromised the renderer process to perform a sandbox escape. This could lead to elevated privileges and compromise of browser security boundaries (NVD).

The vulnerability was patched in Chrome version 89.0.4389.114. Users and administrators are advised to upgrade to this version or later to mitigate the risk. The fix was also incorporated into various Linux distributions including Fedora, where it was included in the chromium-90.0.4430.93 update (Fedora Update).