Vulnerability DatabaseCVE-2021-38005

CVE-2021-38005:
vulnerability analysis and mitigation

Overview

CVE-2021-38005 is a Use-after-free vulnerability discovered in the loader component of Google Chrome versions prior to 96.0.4664.45. The vulnerability was reported by Sergei Glazunov of Google Project Zero on August 18, 2021, and was fixed in the stable channel update released in November 2021 (Chrome Release).

Technical details

The vulnerability is classified as a high-severity issue with a CVSS v3.1 base score of 8.8. It is characterized as a Use-after-free (CWE-416) vulnerability in the loader component of Chrome that could allow an attacker to potentially exploit heap corruption via a crafted HTML page (NVD).

Impact

If successfully exploited, this vulnerability could allow a remote attacker to potentially execute arbitrary code within the context of the browser through heap corruption, leading to potential system compromise. The high CVSS score indicates significant potential impact on the confidentiality, integrity, and availability of the affected system (NVD).

Mitigation and workarounds

The vulnerability was patched in Chrome version 96.0.4664.45. Users are advised to update to this version or later. The fix was also incorporated into various Linux distributions including Debian and Fedora through their respective security updates (Debian Advisory, Fedora Update).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a Wiz customer? See which CVEs are exploitable in your environment.

Get a CVE Assessment

8.8

Score

Published December 23, 2021

Severity HIGH

CNA Score N/A

Has Public Exploit Yes

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 80

Exploitation Probability (EPSS) 1.4

Affected packages and libraries

qt5-qtwebengine-debugsource
qt5-qtwebengine-doc

Sources

Alpine Security Tracker
- Alpine 3.14, 3.15 Severity HIGHHas FixAdded at: Dec 10, 2021
- Alpine 3.16 Severity HIGHHas FixAdded at: May 24, 2022
- Alpine 3.17 Severity HIGHHas FixAdded at: Nov 23, 2022
- Alpine 3.18 Severity HIGHHas FixAdded at: May 10, 2023
- Alpine 3.19 Severity HIGHHas FixAdded at: Dec 10, 2023
- Alpine 3.20 Severity HIGHHas FixAdded at: May 26, 2024
- Alpine 3.21 Severity HIGHHas FixAdded at: Dec 08, 2024
- Alpine 3.22 Severity HIGHHas FixAdded at: Jun 01, 2025
- Alpine 3.23 Severity HIGHHas FixAdded at: Dec 04, 2025
- Alpine edge Severity HIGHHas FixAdded at: Jun 19, 2023
Debian Security Tracker
- Debian 9, 10 Severity HIGHNo FixAdded at: Mar 28, 2022
- Debian 11 Severity HIGHHas FixAdded at: Jan 15, 2022
- Debian 12 Severity HIGHHas FixAdded at: Jan 29, 2022
- Debian 13 Severity HIGHHas FixAdded at: Jun 11, 2023
- Debian 14 Severity HIGHHas FixAdded at: Aug 10, 2025
Echo
- Echo Severity HIGHHas FixAdded at: Nov 18, 2025
Gentoo Advisory Database
- Gentoo Severity HIGHHas FixAdded at: Jul 24, 2022
Nix
- Nix Severity HIGHHas FixAdded at: May 26, 2024
Ubuntu Security Tracker
- Ubuntu 18.04 Severity MEDIUMHas FixAdded at: Dec 24, 2021
NVD
- Linux Severity HIGHHas FixAdded at: Dec 28, 2021
- Windows Severity HIGHHas FixAdded at: Dec 28, 2021