PT-2021-1582 · Google+3 · Google Chrome+3

Alesandro Ortiz

·

Published

2021-01-06

·

Updated

2024-06-15

·

CVE-2021-21111

CVSS v3.1

9.6

Critical

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 87.0.4280.141
Description The issue is related to insufficient policy enforcement in the WebUI of Google Chrome, which could allow an attacker to perform a sandbox escape via a crafted Chrome Extension if a user is convinced to install a malicious extension. This could potentially impact the confidentiality, integrity, and availability of protected information.
Recommendations For versions prior to 87.0.4280.141, update to version 87.0.4280.141 or later to resolve the issue. As a temporary workaround, consider restricting the installation of extensions to only trusted sources until the update can be applied.

Exploit

Fix

Clickjacking

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-1021

Related Identifiers

ALT-PU-2021-1010
ALT-PU-2021-1049
ALT-PU-2021-1157
ALT-PU-2021-1210
ALT-PU-2021-1379
BDU:2021-00200
CVE-2021-21111
DSA-4832-1
OPENSUSE-SU-2021:0040-1
OPENSUSE-SU-2021:0041-1
OPENSUSE-SU-2021:0047-1
OPENSUSE-SU-2021:0048-1
OPENSUSE-SU-2021:0138-1
OPENSUSE-SU-2021:0139-1
OPENSUSE-SU-2021_0040-1
OPENSUSE-SU-2021_0041-1
OPENSUSE-SU-2021_0138-1
OPENSUSE-SU-2021_0139-1
OPENSUSE-SU-2024:10681-1
OPENSUSE-SU-2024:12948-1

Affected Products

Alt Linux
Astra Linux
Google Chrome
Suse