CVE-2021-21206

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 5, 2026 6 articles

VulnLookup ↗ NVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

21.91%

probability

This CVE has a 21.91% probability of being exploited in the next 30 days.

0% Top 95.8th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Description

Project Zero

Use-after-free in Blink

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-416 · Use After Free CWE-664 · Improper Control of a Resource Through its Lifetime CWE-666 · Operation on Resource in Wrong Phase of Lifetime CWE-672 · Operation on a Resource after Expiration or Release CWE-825 · Expired Pointer Dereference

Google Project Zero

Discovered

April 7, 2021

Patched

April 13, 2021

Reported by

???

Root Cause Analysis

???

Update Google Chrome ASAP to Patch 2 New Actively Exploited Zero-Day Flaws

TheHackerNews

Update Google Chrome to Patch New Zero-Day Exploit Detected in the Wild

TheHackerNews

Urgent Chrome Update Released to Patch Actively Exploited Zero-Day Vulnerability

TheHackerNews

Update Your Chrome Browser to Patch New Zero‑Day Bug Exploited in the Wild

TheHackerNews

Update Your Chrome Browser ASAP to Patch a Week Old Public Exploit

TheHackerNews

Qualys Response to CISA Alert: Binding Operational Directive 22-01

Qualys Nov 09, 2021

Signal Intelligence

Confidenceⓘ

95%

EPSS 21.91%

Mentions 6

Last Seen Nov 09, 2021

CNA Information

Analyst Note

Auto-imported from Google Project Zero — confirmed zero-day by definition.

Triage Info

Decided atMar 05, 2026