Lucene search

K

ChromeCVELIST:CVE-2021-21228

HistoryApr 30, 2021 - 8:15 p.m.

CVE-2021-21228

2021-04-3020:15:29

Chrome

www.cve.org

1

5.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.9%

Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.

CNA Affected

[
  {
    "product": "Chrome",
    "vendor": "Google",
    "versions": [
      {
        "lessThan": "90.0.4430.93",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html

crbug.com/1139156

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A/

security.gentoo.org/glsa/202104-08

www.debian.org/security/2021/dsa-4911

5.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.9%

Related for CVELIST:CVE-2021-21228

prion1 debiancve1 cve1 nvd1 ubuntucve1 mscve1 veracode1 nessus8 freebsd1 suse2 debian1 osv1 chrome1 openvas8 kaspersky3 threatpost1 archlinux1 fedora3 gentoo1