CVE-2021-38011: 
vulnerability analysis and mitigation

Use after free vulnerability (CVE-2021-38011) was discovered in the storage foundation component of Google Chrome versions prior to 96.0.4664.45. The vulnerability was reported by Sergei Glazunov of Google Project Zero on November 9, 2021 (Chrome Release).

The vulnerability is classified as a Use-After-Free (UAF) issue in Chrome's storage foundation component, which could allow an attacker to potentially exploit heap corruption through a crafted HTML page. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating network accessibility with low attack complexity but requiring user interaction (NVD).

If successfully exploited, this vulnerability could allow a remote attacker to potentially execute arbitrary code within the context of the browser, leading to heap corruption through a specially crafted HTML page. The high CVSS score indicates potential severe impacts on confidentiality, integrity, and availability of the affected system (NVD).

Google addressed this vulnerability in Chrome version 96.0.4664.45. Users are advised to update to this version or later. The fix was also incorporated into various Linux distributions, including Debian 11 (Bullseye) in version 97.0.4692.71-0.1~deb11u1 and Fedora 34 in version 96.0.4664.110-3.fc34 (Debian Advisory, Fedora Update).