CVE-2021-37957: 
vulnerability analysis and mitigation

CVE-2021-37957 is a Use-after-free vulnerability discovered in WebGPU component of Google Chrome versions prior to 94.0.4606.54. The vulnerability was reported by Looben Yang on August 23, 2021, and was fixed in Chrome version 94.0.4606.54 released in September 2021 (Chrome Release).

The vulnerability is classified as a Use-after-free (UAF) issue in the WebGPU component of Google Chrome. WebGPU is a new web API that provides access to GPU hardware for rendering and computation. The vulnerability could be triggered via a crafted HTML page. Google awarded a bounty of $7,500 for this vulnerability report, indicating its significant severity (Chrome Release).

If successfully exploited, this vulnerability could allow a remote attacker to potentially exploit heap corruption through a specially crafted HTML page, which could lead to arbitrary code execution within the context of the browser (CVE Mitre).

The vulnerability was patched in Chrome version 94.0.4606.54. Users and organizations are advised to upgrade to this version or later. The fix was also incorporated into various Linux distributions including Debian and Fedora through their respective security updates (Debian Security, Fedora Update).