CVE-2021-30533 in Google and Fedora Project Products
Published on June 7, 2021
Known Exploited Vulnerability
This Google Chromium Security Bypass Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Insufficient policy enforcement in the PopupBlocker for Chromium allows an attacker to remotely bypass security mechanisms. This vulnerability impacts web browsers using Chromium such as Chrome and Edge.
The following remediation steps are recommended / required by July 18, 2022: Apply updates per vendor instructions.
Vulnerability Analysis
CVE-2021-30533 can be exploited with network access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. An exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
What is an AuthZ Vulnerability?
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
CVE-2021-30533 has been classified as an AuthZ vulnerability or weakness.
Products Associated with CVE-2021-30533
What versions are vulnerable to CVE-2021-30533?
- Google Chrome: fixed in version 91.0.4472.77
- Fedora Project Fedora: version 33
- Fedora Project Fedora: version 34