PT-2021-5614 · Google+2 · Google Chrome+2

Retsew0X01

Published

2021-05-16

Updated

2024-06-15

CVE-2021-30506

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 90.0.4430.212

Description The issue is related to incorrect security UI in Web App Installs, allowing an attacker to inject scripts or HTML into a privileged page via a crafted HTML page if they convince a user to install a web application. This could enable a remote attacker to redirect users to a malicious web page.

Recommendations For Google Chrome on Android versions prior to 90.0.4430.212, update to version 90.0.4430.212 or later to resolve the issue. As a temporary workaround, consider avoiding the installation of web applications from untrusted sources until the update is applied.

Fix

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74

Related Identifiers

BDU:2022-00049

CVE-2021-30506

DSA-4917-1

OPENSUSE-SU-2021:0742-1

OPENSUSE-SU-2021:0762-1

OPENSUSE-SU-2021:0828-1

OPENSUSE-SU-2021:0829-1

OPENSUSE-SU-2021_0742-1

OPENSUSE-SU-2021_0762-1

OPENSUSE-SU-2021_0828-1

OPENSUSE-SU-2021_0829-1

OPENSUSE-SU-2022:0110-1

OPENSUSE-SU-2022_0110-1

OPENSUSE-SU-2024:10681-1

OPENSUSE-SU-2024:12948-1

Affected Products

Astra Linux

Google Chrome

Suse

PT-2021-5614 · Google+2 · Google Chrome+2

CVE-2021-30506

Weakness Enumeration

Related Identifiers

Affected Products

References · 2346