PT-2021-2109 · Google+3 · Google Chrome+3

Wester0X01

·

Published

2021-01-19

·

Updated

2024-06-15

·

CVE-2021-21133

CVSS v3.1

7.3

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 88.0.4324.96
Description: The issue is related to insufficient policy enforcement in the Downloads component of Google Chrome, allowing an attacker to bypass navigation restrictions. This can be achieved by convincing a user to download files and using a crafted HTML page. The vulnerability is related to incorrect restriction of visualized user interface layers, which can be exploited by a remote attacker to bypass existing security restrictions.
Recommendations: For Google Chrome versions prior to 88.0.4324.96, update to version 88.0.4324.96 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Downloads component until a patch is available. Avoid using crafted HTML pages that could exploit this issue.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

ALT-PU-2021-1146
ALT-PU-2021-1179
ALT-PU-2021-1198
ALT-PU-2021-1210
ALT-PU-2021-1379
BDU:2021-00965
CVE-2021-21133
DSA-4846-1
OPENSUSE-SU-2021:0166-1
OPENSUSE-SU-2021:0173-1
OPENSUSE-SU-2021:0177-1
OPENSUSE-SU-2021:0186-1
OPENSUSE-SU-2021_0166-1
OPENSUSE-SU-2021_0173-1
OPENSUSE-SU-2024:10681-1
OPENSUSE-SU-2024:12948-1

Affected Products

Alt Linux
Astra Linux
Google Chrome
Suse