CVE-2021-37975: 
vulnerability analysis and mitigation

CVE-2021-37975 is a Use-after-free vulnerability discovered in V8, the JavaScript engine of Google Chrome. The vulnerability was identified in versions prior to 94.0.4606.71 and was disclosed on September 30, 2021. This security flaw allowed remote attackers to potentially exploit heap corruption through a specially crafted HTML page (Chrome Releases, NVD).

The vulnerability is classified as a Use-after-free (CWE-416) issue in the V8 JavaScript engine. It received a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating high severity with potential for remote exploitation (NVD).

The vulnerability could allow an attacker to potentially exploit heap corruption, which could lead to arbitrary code execution, information disclosure, or denial of service. The high CVSS score indicates significant potential impact on the confidentiality, integrity, and availability of affected systems (NVD).

Google released version 94.0.4606.71 of Chrome to address this vulnerability. Users and administrators are strongly advised to update to this version or later. The fix was also incorporated into Debian (version 97.0.4692.71-0.1~deb11u1) and Fedora (version 94.0.4606.81) distributions (Debian Security, Fedora Updates).