CVE-2021-38023: 
Google Chrome vulnerability analysis and mitigation

Use after free vulnerability (CVE-2021-38023) was discovered in the Extensions component of Google Chrome prior to version 92.0.4515.107. The vulnerability allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page (NVD).

The vulnerability is a heap-use-after-free issue in the task_manager component of Chrome's Extensions system. The issue occurs when TaskGroup::RefreshNaClDebugStubPort() reports its result synchronously instead of asynchronously with the ProcessHostOnUI feature enabled. This leads to a dangling pointer scenario where the TaskGroup object is deleted while still in use during TaskGroup::Refresh() (Chromium Issue).

This vulnerability has been rated as High severity with a CVSS v3.1 base score of 8.8. If successfully exploited, it could allow an attacker to execute arbitrary code within the context of the browser, potentially leading to heap corruption (NVD).

The vulnerability was fixed in Chrome version 92.0.4515.107. Users should update their Chrome browser to this version or later. The fix involves modifying the TaskGroup::RefreshNaClDebugStubPort() to always report results asynchronously, eliminating the race condition that caused the use-after-free vulnerability (Chromium Issue).