CVE-2021-21228

Published: Apr 30, 2021Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.

Affected (5)

Products: Google: Chrome · Debian: Debian Linux · Fedoraproject: Fedora

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Before 90.0.4430.93

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 32
Fedoraproject Fedora	Version 33
Fedoraproject Fedora	Version 34

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (14)

https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html

Source: chrome-cve-admin@google.com

Release NotesVendor Advisory

https://crbug.com/1139156

Source: chrome-cve-admin@google.com

Broken LinkVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG/

Source: chrome-cve-admin@google.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY/

Source: chrome-cve-admin@google.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A/

Source: chrome-cve-admin@google.com

https://security.gentoo.org/glsa/202104-08

Source: chrome-cve-admin@google.com

Third Party Advisory

https://www.debian.org/security/2021/dsa-4911

Source: chrome-cve-admin@google.com

Third Party Advisory

https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://crbug.com/1139156

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/202104-08

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2021/dsa-4911

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.