HighCISA KEVExploited in the wildPublic exploit

Data race in audio in Google Chrome

IdentifiersCVE-2021-21166CWE-362· Concurrent Execution using Shared…

CVE-2021-21166 is a data race vulnerability in the audio component of Google Chrome affecting versions prior to 89.0.4389.72. According to the provided content, the flaw allowed a remote attacker to potentially trigger heap corruption by luring a target to a crafted HTML page. The issue is described as a race condition in Chrome’s audio handling logic; while the specific vulnerable function is not provided in the supplied material, the resulting memory corruption condition could be reached through web content processed by the browser.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation could allow an attacker to induce heap corruption in the browser process. Depending on exploit reliability and surrounding mitigations, this could plausibly lead to browser process compromise, including remote code execution in the context of the targeted user, or at minimum a browser crash/instability condition. The supplied content specifically states that Candiru exploited this Chrome zero-day via single-use links sent to targets believed to be in Armenia, indicating the vulnerability was considered exploitable in real-world targeted operations.

Mitigation

If you can’t patch tonight, do this now.

Until patching is completed, reduce exposure by restricting use of untrusted links and web content, especially in high-risk targeted environments; isolate browser activity through sandboxing and endpoint controls; and monitor for suspicious single-use or highly targeted phishing links. Enterprise defenders should prioritize rapid browser patching and consider additional controls such as application isolation and exploit detection for browser memory-corruption activity. Specific temporary vendor mitigations beyond updating were not provided in the supplied content.

Remediation

Patch, then assume compromise.

Upgrade Google Chrome to version 89.0.4389.72 or later, as the vulnerability affects Chrome prior to 89.0.4389.72. Apply the corresponding Chromium-based browser updates where applicable to ensure the patched code is deployed.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

DebianDebian Linuxoperating_system

Fedora ProjectFedoraoperating_system

GoogleChromeapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

2 SOURCESView more in app

recorded future blogNews

Aug 5, 2025

Tracking Candiru’s DevilsTongue Spyware in Multiple Countries

A Google Chrome renderer remote code execution (RCE) zero-day exploited in targeted attacks attributed to Candiru; also impacted WebKit and was patched by Apple as CVE-2021-1844.

eset welivesecurity blogNews

Nov 16, 2021

Strategic web compromises in the Middle East with a pinch of Candiru

A Chrome browser remote code execution exploit referenced as being used by Candiru for drive-by compromise via a crafted URL.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence2

Every observed campaign linking this CVE to a named adversary.

Associated malware2

Malware families riding this exploit, with evidence and IOCs.

Detection signatures2

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2021-21166

NVD

nvd.nist.gov/vuln/detail/CVE-2021-21166

MITRE CWE · CWE-362

Concurrent Execution using Shared Resource…

Third Party Advisory

security.gentoo.org/glsa/202104-08

Third Party Advisory

debian.org/security/2021/dsa-4886

Release Notes

chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html

Release Notes

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BBT54RKAE5XLMWSHLVUKJ7T2XHHYMXLH

Release Notes

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FE5SIKEVYTMDCC5OSXGOM2KRPYLHYMQX

Release Notes

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCIDZ77XUDMB2EBPPWCQXPEIJERDNSNT

Permissions Required

crbug.com/1177465

US Government Resource

cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21166