CVE-2021-21186

✓ Confirmed 0-Day

Triaged: March 20, 2026 2 articles

VulnLookup ↗ NVD ↗ MITRE ↗

EPSS Score

Source: FIRST.org · 2026-05-24

0.43%

probability

This CVE has a 0.43% probability of being exploited in the next 30 days.

0% Top 62.9th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Attack Intelligence

CWE-284 · Improper Access Control CWE-285 · Improper Authorization CWE-863 · Incorrect Authorization

Google fixes second actively exploited Chrome zero-day bug this year

BleepingComputer Mar 02, 2021

Microsoft March 2021 Patch Tuesday fixes 82 flaws, 2 zero-days

BleepingComputer Mar 09, 2021

Signal Intelligence

Confidenceⓘ

85%

EPSS 0.43%

Mentions 2

Last Seen Mar 09, 2021

CNA Information

Analyst Note

Article [1] explicitly names this CVE as an 'actively exploited Chrome zero-day bug' fixed by Google in 2021, with clear language matching zero-day criteria. Article [2] mentions Microsoft Patch Tuesday fixing zero-days, but the critical evidence comes from [1]'s direct attribution of active exploitation to this specific CVE before/concurrent with the patch.

Triage Info

Decided atMar 20, 2026