PT-2021-2060 · Google+3 · Google Chrome+3

David Erceg

Published

2021-01-19

Updated

2024-06-15

CVE-2021-21126

CVSS v3.1

7.3

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 88.0.4324.96

Description: The issue is related to insufficient policy enforcement in extensions, allowing a remote attacker to bypass site isolation using a crafted Chrome Extension. This can be exploited by creating a specially designed Chrome extension to circumvent existing security restrictions. The estimated number of potentially affected devices and details about real-world incidents are not provided.

Recommendations: For versions prior to 88.0.4324.96, update to version 88.0.4324.96 or later to resolve the issue. As a temporary workaround, consider restricting the installation of Chrome extensions from untrusted sources to minimize the risk of exploitation. Avoid using extensions that may bypass site isolation until the issue is resolved.

Exploit

Fix

Improper Authentication

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287CWE-20

Related Identifiers

ALT-PU-2021-1146

ALT-PU-2021-1179

ALT-PU-2021-1198

ALT-PU-2021-1210

ALT-PU-2021-1379

BDU:2021-00907

CVE-2021-21126

DSA-4846-1

MGASA-2021-0406

OPENSUSE-SU-2021:0166-1

OPENSUSE-SU-2021:0173-1

OPENSUSE-SU-2021:0177-1

OPENSUSE-SU-2021:0186-1

OPENSUSE-SU-2021:0973-1

OPENSUSE-SU-2021:1016-1

OPENSUSE-SU-2021_0166-1

OPENSUSE-SU-2021_0173-1

OPENSUSE-SU-2021_0973-1

OPENSUSE-SU-2024:10681-1

OPENSUSE-SU-2024:10977-1

OPENSUSE-SU-2024:12948-1

Affected Products

Alt Linux

Astra Linux

Google Chrome

Suse

PT-2021-2060 · Google+3 · Google Chrome+3

CVE-2021-21126

Weakness Enumeration

Related Identifiers

Affected Products

References · 2361