CVE-2021-37964
Description
Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to potentially carry out a WiFi impersonation attack via a crafted ONC file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Inappropriate implementation in ChromeOS Networking allows an attacker with a rogue access point to impersonate WiFi via a crafted ONC file.
Vulnerability
An inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allows an attacker with a rogue wireless access point to potentially carry out a WiFi impersonation attack via a crafted ONC (Open Network Configuration) file. The vulnerability resides in how the system processes ONC files, which are used to configure network settings.
Exploitation
An attacker must set up a rogue wireless access point within range of the target device and deliver a specially crafted ONC file to the victim. The user may need to connect to the rogue AP or manually import the malicious ONC file for the attack to succeed. No authentication or special privileges are required beyond proximity and the ability to serve the crafted file.
Impact
Successful exploitation allows the attacker to impersonate a legitimate WiFi network, potentially enabling man-in-the-middle attacks, interception of network traffic, and theft of sensitive information such as credentials or session tokens.
Mitigation
The issue is fixed in Chrome version 94.0.4606.54 for ChromeOS. Users should update to this version or later. No workarounds have been published, and the vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- osv-coords (4 versions)
  - pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.2
  - pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.3
  - pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP3
- (no CPE) range: < 94.0.4606.81-lp152.2.132.1
- (no CPE) range: < 94.0.4606.71-bp153.2.31.1
- (no CPE) range: < 94.0.4606.71-1.1
- (no CPE) range: < 94.0.4606.71-bp153.2.31.1
Patches
No patches discovered yet.
References
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/ (mitre, vendor-advisory, x_refsource_FEDORA)
- www.debian.org/security/2022/dsa-5046 (mitre, vendor-advisory, x_refsource_DEBIAN)
- chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html (mitre, x_refsource_MISC)
- crbug.com/1203612 (mitre, x_refsource_MISC)