What is the severity of CVE-2021-37973?

CVE-2021-37973 has a CVSS v3 score of 9.6, which is classified as Critical severity.

Is there an exploit available for CVE-2021-37973?

Yes, there are known exploits available for CVE-2021-37973. Immediate patching is recommended.

Is there a patch available for CVE-2021-37973?

Yes, patches are available for CVE-2021-37973. Check the vendor advisories for update instructions.

CVE-2021-37973

Published: January 26, 2026

Last updated:1 day ago (January 26, 2026)

Exploit: YesZero-day: YesPatch: YesTrend: Neutral

TL;DR

Updated January 26, 2026

CVE-2021-37973 is a critical severity vulnerability with a CVSS score of 9.6. Exploits are available; patches have been released and should be applied urgently. This is classified as a zero-day vulnerability.

Key Points

1Critical severity (CVSS 9.6/10)
2EPSS: 4.00% - moderate likelihood of exploitation
3Public exploits are available
4Vendor patches are available
5Strobes Priority Score: 999/1000 (Critical)
6Affects products from: Fedoraproject, Debian, Google

Severity Scores

CVSS v39.6

CVSS v26.8

Priority Score999.0

EPSS Score4.0

Critical

Exploitation LikelihoodLow

4.00%EPSS

Lower probability of exploitation

Patch during regular maintenance

4.00%

EPSS

9.6

CVSS

Yes

Exploit

Yes

Patch

Critical Priority

exploit exists • critical severity • high priority

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

Google Chromium Portals contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge.

CVSS v3 Breakdown

Attack Vector:Network

Attack Complexity:Local

Privileges Required:Network

User Interaction:Required

Scope:Changed

Confidentiality:High

Integrity:High

Availability:High

Exploit References

Cisa.gov

Patch References

Chromereleases.googleblog.com Chrome Cve [email protected]Zeroday CZ

Trend Analysis

Neutral

Vulnerable Products

Vendor	Product
Fedoraproject	Fedora
Debian	Debian Linux
Google	Chrome

Advisories

CISA: Google Chromium Portals contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge.

GitHub Advisory NVD

Cite This Page

APA Format

Strobes VI. (2026). CVE-2021-37973 - CVE Details and Analysis. Strobes VI. Retrieved January 27, 2026, from https://vi.strobes.co/cve/CVE-2021-37973

Quick copy link + title

Please cite this page when referencing data from Strobes VI. Proper attribution helps support our vulnerability intelligence research.

Vendor

Product

Fedoraproject

Fedora

Debian

Debian Linux

Google

Chrome