CVE-2021-4057: 
vulnerability analysis and mitigation

CVE-2021-4057 is a Use-after-free vulnerability in the file API of Google Chrome versions prior to 96.0.4664.93. The vulnerability was discovered and reported by Sergei Glazunov of Google Project Zero on October 21, 2021 (Chrome Blog).

The vulnerability is a Use-after-free (CWE-416) issue in the file API component of Google Chrome. It allows a remote attacker who has compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 HIGH with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

If successfully exploited, this vulnerability could allow an attacker who has compromised the renderer process to execute arbitrary code through heap corruption, potentially leading to full system compromise. The attack requires user interaction and the attacker must first compromise the renderer process (NVD).

The vulnerability has been patched in Chrome version 96.0.4664.93. Users and administrators should update to this version or later to mitigate the risk. Multiple Linux distributions have also released security updates including Debian (DSA-5046), Fedora, and Gentoo (Debian Security, Gentoo Security).