Google Chrome CVE-2021-30533 in Google and Fedora Project Products
Published on June 7, 2021

Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe.


Known Exploited Vulnerability

This Google Chromium Security Bypass Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Insufficient policy enforcement in the PopupBlocker for Chromium allows an attacker to remotely bypass security mechanisms. This vulnerability impacts web browsers using Chromium such as Chrome and Edge.

The following remediation steps are recommended / required by July 18, 2022: Apply updates per vendor instructions.

Vulnerability Analysis

CVE-2021-30533 can be exploited with network access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. An exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

What is an AuthZ Vulnerability?

The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

CVE-2021-30533 has been classified as an AuthZ vulnerability or weakness.


Products Associated with CVE-2021-30533


What versions are vulnerable to CVE-2021-30533?