MediumCISA KEVExploited in the wildPublic exploit

Information leak in Google Chrome memory_instrumentation

IdentifiersCVE-2021-37976CWE-200

CVE-2021-37976 is an information disclosure vulnerability in Google Chrome, described by Google as an inappropriate implementation issue in Memory / memory_instrumentation. In Chrome versions prior to 94.0.4606.71, a remote attacker could trigger the flaw via a crafted HTML page and obtain potentially sensitive information from process memory. The available context identifies this as a Chrome bug used in the wild as part of a 2021 Android-targeting exploit chain alongside CVE-2021-37973, CVE-2021-38000, CVE-2021-38003, and CVE-2021-1048. Specific vulnerable functions or code paths beyond the memory_instrumentation component are not provided in the supplied content.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows disclosure of potentially sensitive data from the Chrome renderer or related process memory. On its own, this provides an attacker with memory contents that may aid bypass of exploit mitigations, exposure of secrets resident in process memory, or reliability improvements for follow-on exploitation. In the observed campaigns, this flaw was reportedly used as one element of a broader exploit chain targeting Android users and ultimately facilitating spyware deployment.

Mitigation

If you can’t patch tonight, do this now.

Until patching is complete, reduce exposure by restricting use of untrusted or attacker-controlled web content, hardening browser update compliance, and monitoring for access to known malicious delivery infrastructure associated with exploit chains targeting Chrome on Android. Enterprise controls such as URL filtering, application allowlisting, mobile threat defense, and rapid browser version enforcement can reduce risk, but no mitigation in the provided content substitutes for upgrading to a fixed Chrome release.

Remediation

Patch, then assume compromise.

Upgrade Google Chrome to version 94.0.4606.71 or later, as the vulnerability affects versions prior to 94.0.4606.71. Ensure downstream Chromium-based deployments and embedded Chrome/WebView distributions receive the corresponding patched build where applicable. Apply vendor security updates promptly across managed endpoints, especially Android devices exposed to targeted exploitation.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

DebianDebian Linuxoperating_system

Fedora ProjectFedoraoperating_system

GoogleChromeapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

3 SOURCESView more in app

the hacker newsNews

Dec 5, 2025

Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery

An information leak vulnerability in memory_instrumentation in Google Chrome, exploited by Predator spyware.

talosintelligence otherNews

May 25, 2023

Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware

One of five zero-day vulnerabilities reportedly exploited in an exploit chain to deliver the ALIEN implant; affects Google Chrome.

google tag blogNews

May 19, 2022

Protecting Android users from 0-Day attacks

A Chrome zero-day vulnerability used in campaigns targeting Android users.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware2

Malware families riding this exploit, with evidence and IOCs.

Detection signatures3

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2021-37976

NVD

nvd.nist.gov/vuln/detail/CVE-2021-37976

debian.org/security/2022/dsa-5046

Release Notes

chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html

Release Notes

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D63JZ3ROXCUHP4CFWDHCPZNTGET7T34R

Release Notes

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRFXUDH46PFVE75VQVWY6PYY5DK3S2XT

Release Notes

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNARCF5HEZK7GJXZRN5TQ45AQDCRM2WO

US Government Resource

cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-37976