PT-2021-5635 · Google+2 · Google Chrome+2

Mohit Raj · Published 2021-04-30 · Updated 2024-06-15 · CVE-2021-21229

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 90.0.4430.93

Description: The issue is related to incorrect security UI in downloads, allowing a remote attacker to perform domain spoofing via a crafted HTML page. This is due to an insufficient mechanism for confirming the source of downloads. The exploitation of this issue can enable a remote attacker to bypass existing security restrictions using a specially crafted HTML page.

Recommendations: For versions prior to 90.0.4430.93, update to version 90.0.4430.93 or later to resolve the issue. As a temporary workaround, consider restricting the use of the download feature in Google Chrome on Android until the update is applied.

Fix

Origin Validation Error

Weakness Enumeration

Related Identifiers

BDU:2022-00073
CVE-2021-21229
DSA-4911-1
OPENSUSE-SU-2021:0629-1
OPENSUSE-SU-2021:0729-1
OPENSUSE-SU-2021_0629-1
OPENSUSE-SU-2021_0729-1
OPENSUSE-SU-2024:10681-1
OPENSUSE-SU-2024:12948-1

Affected Products

Astra Linux
Google Chrome
Suse