PT-2021-2107 · Google+3 · Google Chrome+3

Imdad Mohammed

Published

2021-01-21

Updated

2024-06-15

CVE-2021-21136

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Google Chrome on Android versions prior to 88.0.4324.96

Description: The issue is related to insufficient policy enforcement in the WebView component, which can allow a remote attacker to leak cross-origin data. This can be achieved via a crafted HTML page. The vulnerability is associated with a lack of protection for transmitted data, potentially enabling an unauthorized access to sensitive information.

Recommendations: For versions prior to 88.0.4324.96, update to version 88.0.4324.96 or later to resolve the issue.

Fix

Origin Validation Error

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-346

Related Identifiers

ALT-PU-2021-1146

ALT-PU-2021-1179

ALT-PU-2021-1198

ALT-PU-2021-1210

ALT-PU-2021-1379

BDU:2021-00963

CVE-2021-21136

DSA-4846-1

OPENSUSE-SU-2021:0166-1

OPENSUSE-SU-2021:0173-1

OPENSUSE-SU-2021:0177-1

OPENSUSE-SU-2021:0186-1

OPENSUSE-SU-2021_0166-1

OPENSUSE-SU-2021_0173-1

OPENSUSE-SU-2024:10681-1

OPENSUSE-SU-2024:12948-1

Affected Products

Alt Linux

Astra Linux

Google Chrome

Suse

PT-2021-2107 · Google+3 · Google Chrome+3

CVE-2021-21136

Weakness Enumeration

Related Identifiers

Affected Products

References · 2337