CVE-2021-4100: 
vulnerability analysis and mitigation

Object lifecycle issue in ANGLE (Almost Native Graphics Layer Engine) in Google Chrome versions prior to 96.0.4664.110 was identified. This vulnerability, tracked as CVE-2021-4100, allowed remote attackers to potentially exploit heap corruption through a specially crafted HTML page. The vulnerability was discovered and reported on November 19, 2021, by Aki Helin of Solita (Chrome Release).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The technical classification includes CWE-787 (Out-of-bounds Write) and CWE-125 (Out-of-bounds Read). This indicates that the vulnerability could be exploited remotely with low attack complexity, requiring user interaction, and potentially impacting confidentiality, integrity, and availability (NVD).

The vulnerability could lead to heap corruption, which might allow attackers to execute arbitrary code or cause system crashes. The high CVSS score indicates severe potential impacts on system security, including the possibility of complete compromise of affected systems if successfully exploited (NVD).

Google addressed this vulnerability in Chrome version 96.0.4664.110 for Windows, Mac, and Linux platforms. Users are advised to update to this version or later to mitigate the risk. The fix was released as part of a security update that addressed multiple vulnerabilities (Chrome Release).