Unrated severityNVD Advisory· Published Jan 8, 2021· Updated Aug 3, 2024
CVE-2021-21111
CVE-2021-21111
Description
Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
Affected products
8- osv-coords7 versionspkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/opera&distro=openSUSE%20Leap%2015.1%20NonFreepkg:rpm/opensuse/opera&distro=openSUSE%20Leap%2015.2%20NonFreepkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP1pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP2
< 87.0.4280.141-lp151.2.165.1+ 6 more
- (no CPE)range: < 87.0.4280.141-lp151.2.165.1
- (no CPE)range: < 87.0.4280.141-lp152.2.60.1
- (no CPE)range: < 93.0.4577.82-1.1
- (no CPE)range: < 73.0.3856.344-lp151.2.42.1
- (no CPE)range: < 73.0.3856.344-lp152.2.30.1
- (no CPE)range: < 87.0.4280.141-bp151.3.150.1
- (no CPE)range: < 87.0.4280.141-bp152.2.47.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VVUWIJKZTZTG6G475OR6PP4WPQBVM6PS/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z6P6AVVFP7B2M4H7TJQBASRZIBLOTUFN/mitrevendor-advisoryx_refsource_FEDORA
- security.gentoo.org/glsa/202101-05mitrevendor-advisoryx_refsource_GENTOO
- www.debian.org/security/2021/dsa-4832mitrevendor-advisoryx_refsource_DEBIAN
- chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.htmlmitrex_refsource_MISC
- crbug.com/1149125mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.