CVE-2021-21142

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 88.0.4324.146

Description The issue is related to a use after free vulnerability in the Payments component of Google Chrome, which can be exploited by a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This vulnerability is caused by accessing a block of memory that has already been freed in the implementation of the Payments API. The estimated number of potentially affected devices worldwide is not specified.

Recommendations For Google Chrome versions prior to 88.0.4324.146, update to version 88.0.4324.146 or later to resolve the issue. As a temporary workaround, consider restricting access to the Payments API until the update is applied. Avoid using the Payments component in Google Chrome until the issue is resolved.