CVE-2021-37991: 
vulnerability analysis and mitigation

A race condition vulnerability (CVE-2021-37991) was discovered in the V8 engine of Google Chrome versions prior to 95.0.4638.54. The vulnerability was reported by Samuel Groß of Google Project Zero on September 17, 2021, and was patched in the stable channel update released on October 19, 2021 (Chrome Release).

The vulnerability is classified as a race condition (CWE-362) in the V8 JavaScript engine that could potentially lead to heap corruption when triggered via a specially crafted HTML page. The vulnerability received a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating that it is network exploitable but requires high attack complexity and user interaction (NVD).

If successfully exploited, this vulnerability could allow a remote attacker to potentially achieve heap corruption, which could lead to arbitrary code execution, information disclosure, or denial of service on affected systems (Debian Advisory).

The vulnerability was fixed in Google Chrome version 95.0.4638.54. Users and administrators are advised to update to this version or later. For Debian systems, the fix was included in version 97.0.4692.71-0.1~deb11u1 for the bullseye distribution (Debian Advisory).