CVE-2021-21216
Published 2021-04-26
CVE-2021-21216: Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.
Priority P3 · 43 · medium · 6.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS: 21.77% (97.3th percentile)
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 90.0.4430.72-1 | 90.0.4430.72-1 |
| chromium | chromium | >= 0 < 90.0.4430.72-1 | 90.0.4430.72-1 |
| chromium | chromium | >= 0 < 90.0.4430.72-1 | 90.0.4430.72-1 |
| chromium | chromium | >= 0 < 90.0.4430.72-1 | 90.0.4430.72-1 |
| debian | chromium | < chromium 90.0.4430.72-1 (bookworm) | chromium 90.0.4430.72-1 (bookworm) |
| debian | debian_linux | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| — | chrome | < 90.0.4430.72 | 90.0.4430.72 |
| — | chrome | >= unspecified < 90.0.4430.72 | 90.0.4430.72 |
| — | chrome_chrome | — | — |
| msrc | microsoft_edge | — | — |
CVSS provenance
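| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | — | 6.5 | MEDIUM | — |
| vendor_debian | — | 6.5 | MEDIUM | — |
| vendor_msrc | — | 6.5 | MEDIUM | — |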
GHSA
GHSA-qw7g-rph5-vw92: Inappropriate implementation in Autofill in Google Chrome prior to 90
ghsa_unreviewed·2022-05-24
CVE-2021-21216 [MEDIUM] CWE-290 GHSA-qw7g-rph5-vw92: Inappropriate implementation in Autofill in Google Chrome prior to 90
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.
OSV
CVE-2021-21216: Inappropriate implementation in Autofill in Google Chrome prior to 90
osv·2021-04-26·CVSS 6.5
CVE-2021-21216 [MEDIUM] CVE-2021-21216: Inappropriate implementation in Autofill in Google Chrome prior to 90
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.
Chrome
Stable Channel Update for Desktop: CVE-2021-21215
vendor_chrome·2021-04-14·CVSS 6.5
CVE-2021-21215 [MEDIUM] Stable Channel Update for Desktop: CVE-2021-21215
Stable Channel Update for Desktop
CVE-2021-21215: Inappropriate implementation in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-01-30
[$TBD][1173297] Medium CVE-2021-21216: Inappropriate implementation in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-02
[$500][1166462] Low CVE-2021-21217: Uninitialized Use in PDFium
Severity: medium
Microsoft
Chromium: CVE-2021-21216 Inappropriate implementation in Autofill
vendor_msrc·2021-04-13·CVSS 6.5
CVE-2021-21216 [MEDIUM] Chromium: CVE-2021-21216 Inappropriate implementation in Autofill
Chromium: CVE-2021-21216 Inappropriate implementation in Autofill
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 90.0.818.39 | 4/15/2021 | 90.0.4430.72 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Su
Debian
CVE-2021-21216: chromium - Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 ...
vendor_debian·2021·CVSS 6.5
CVE-2021-21216 [MEDIUM] CVE-2021-21216: chromium - Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 ...
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 90.0.4430.72-1)
bullseye: resolved (fixed in 90.0.4430.72-1)
forky: resolved (fixed in 90.0.4430.72-1)
sid: resolved (fixed in 90.0.4430.72-1)
trixie: resolved (fixed in 90.0.4430.72-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html
https://crbug.com/1173297
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A/
https://security.gentoo.org/glsa/202104-08
https://www.debian.org/security/2021/dsa-4906
Published: 2021-04-26