Google · Google Chrome · CVE-2021-21127
Name of the Vulnerable Software and Affected Versions:
Google Chrome versions prior to 88.0.4324.96
Description:
The issue is insufficient policy enforcement in extensions, which allows a remote attacker to bypass Content Security Policy (CSP) via a crafted Chrome Extension. This could enable the attacker to circumvent existing security restrictions.
Recommendations:
For versions prior to 88.0.4324.96, update to version 88.0.4324.96 or later to resolve the issue.
As a temporary workaround, consider disabling the use of Chrome Extensions until a patch is applied.
Restrict access to the Chrome Extension platform to minimize the risk of exploitation.
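To apply the update recommendation across a fleet, the added example below (not part of the original advisory) triages collected Chrome version strings against the fixed version 88.0.4324.96. The host names and sample version strings are constructed, and the input is assumed to be text such as the output of `google-chrome --version`.

```python
import re

# First fixed version, taken from the advisory text.
FIXED = (88, 0, 4324, 96)

# Chrome versions have four numeric components: MAJOR.MINOR.BUILD.PATCH
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_chrome_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def is_affected(text):
    """True if the version is prior to FIXED, False if not, None if unparseable."""
    version = parse_chrome_version(text)
    if version is None:
        return None
    # Compare numerically, component by component. A plain string comparison
    # would rank "88.0.4324.150" below "88.0.4324.96" and flag a patched host.
    return version < FIXED


def triage(inventory):
    """Map each host to 'update', 'ok', or 'unknown' (needs manual review)."""
    actions = {}
    for host, text in inventory.items():
        affected = is_affected(text)
        if affected is None:
            actions[host] = "unknown"
        else:
            actions[host] = "update" if affected else "ok"
    return actions


# Constructed sample inventory (hypothetical hosts, illustrative version strings).
SAMPLE = {
    "ws-01": "Google Chrome 87.0.4280.141",
    "ws-02": "Google Chrome 88.0.4324.96",
    "ws-03": "Google Chrome 88.0.4324.150",
    "ws-04": "Google Chrome 88.0.4324.9",
    "ws-05": "command not found",
}

if __name__ == "__main__":
    for host, action in triage(SAMPLE).items():
        print(f"{host}: {action}")
```

Hosts reported as `unknown` returned no parseable version and should be checked by hand, not assumed patched.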