CVE-2021-21132UI Misrepresentation / Clickjacking in Google Chrome

CWE-1021UI Misrepresentation / Clickjacking7 documents7 sources
Severity
9.6CRITICALNVD
EPSS
18.4%
top 4.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Google ChromeChromiumMicrosoft Edge Chromium
Timeline
PublishedFeb 9
Latest updateMay 24

Description

Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages4 packages

CVEListV5google/chromeunspecified88.0.4324.96
NVDgoogle/chrome< 88.0.4324.96
NVDmicrosoft/edge_chromium< 88.0.705.50
Debianchromium/chromium< 88.0.4324.96-0.1+3

🔴Vulnerability Details

3
GHSA
GHSA-xjfj-5c48-9853: Inappropriate implementation in DevTools in Google Chrome prior to 882022-05-24
OSV
CVE-2021-21132: Inappropriate implementation in DevTools in Google Chrome prior to 882021-02-09
CVEList
CVE-2021-21132: Inappropriate implementation in DevTools in Google Chrome prior to 882021-02-09

📋Vendor Advisories

3
Chrome
Stable Channel Update for Desktop: CVE-2021-211312021-01-19
Microsoft
Chromium CVE-2021-21132: Inappropriate implementation in DevTools2021-01-12
Debian
CVE-2021-21132: chromium - Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 ...2021
CVE-2021-21132 — UI Misrepresentation / Clickjacking | cvebase