CVE-2021-37971

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 94.0.4606.54

Description The issue is related to an incorrect security UI in the browser, allowing a remote attacker to bypass existing security restrictions using a specially crafted HTML page. This can lead to spoofing the contents of the Omnibox (URL bar). The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. Technical details include the use of a crafted HTML page to exploit the vulnerability.

Recommendations For versions prior to 94.0.4606.54, update to version 94.0.4606.54 or later to resolve the issue. As a temporary workaround, consider restricting access to untrusted HTML pages to minimize the risk of exploitation. Avoid using the Omnibox (URL bar) for sensitive operations until the issue is resolved.