A potential security vulnerability in the Intel® RXT for Chromebook application may allow information disclosure. Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for the Intel® RXT for Chromebook application.
CVEID: CVE-2021-33166
Description: Incorrect default permissions for the Intel® RXT for Chromebook application, all versions, may allow an authenticated user to potentially enable information disclosure via local access.
CVSS Base Score: 4.4 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N****
Intel® RXT for Chromebook application, all versions.
Intel has issued a Product Discontinuation notice for the Intel® RXT for Chromebook application and recommends that users of the Intel® RXT for Chromebook application uninstall it or discontinue use at their earliest convenience.
Intel would like to thank Sheikh Rishad for reporting this issue.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.