Introduction

CVE-2021-38003 is a vulnerability in the V8 JavaScript engine. It affects the Chrome browser before stable version 95.0.4638.69 and was disclosed in October 2021 in Google’s Chrome release blog; the bug report was made public in February 2022.
The vulnerability causes a special value in V8 called TheHole to be leaked to the script. This can lead to renderer RCE in a Chromium-based browser, and the vulnerability has been used in the wild.