CVE-2021-20791
Description
Improper access control in RevoWorks Browser ≤2.1.230 allows unauthorized file exchange between local and isolated environments.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Improper access control (CWE-284) in RevoWorks Browser versions 2.1.230 and earlier allows an attacker to bypass access restrictions between the local environment and the isolated environment (a virtual browser for internet isolation). The vulnerability enables unauthorized file exchange or alteration of browser settings via unspecified vectors. According to the developer, RevoWorks Browser 2.0.x is not affected [1].
Exploitation
An attacker with local access and low privileges (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N) can exploit this vulnerability without user interaction. The attack complexity is low. The attacker can exchange unauthorized files between the local and isolated environments or modify browser settings [1].
Impact
Successful exploitation results in unauthorized file exchange between the local and isolated environments, leading to low confidentiality and integrity impacts. The scope is changed, meaning the vulnerable component affects resources beyond its security boundary. The attacker may also alter browser settings [1].
Mitigation
The developer has released RevoWorks Browser version 2.2.50, which addresses this vulnerability. Users should update to the latest version. No workarounds are documented. Versions 2.0.x are not affected [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=2.1.230
- J’s Communication Co., Ltd./RevoWorks Browser | v5 | Range: 2.1.230 and earlier
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- jscom.jp/news-20210910_2/ (mitre, x_refsource_MISC)
- jvn.jp/en/jp/JVN81658818/index.html (mitre, x_refsource_MISC)