CVE-2021-30538Incorrect Authorization in Google Chrome

CWE-863Incorrect Authorization7 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 57.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Google ChromeChromiumDebian Chromium+3 more
Timeline
PublishedJun 7
Latest updateMay 24

Description

Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages6 packages

CVEListV5google/chromeunspecified91.0.4472.77
NVDgoogle/chrome< 91.0.4472.77
debiandebian/chromium< chromium 93.0.4577.82-1 (bookworm)
Debianchromium/chromium< 93.0.4577.82-1+3

Also affects: Fedora 33, 34

Patches

Patch: crbug.comPatch: crbug.com

🔴Vulnerability Details

3
GHSA
GHSA-gpxj-hxrf-jj37: Insufficient policy enforcement in content security policy in Google Chrome prior to 912022-05-24
OSV
CVE-2021-30538: Insufficient policy enforcement in content security policy in Google Chrome prior to 912021-06-07
VulnCheck
Google Chrome Incorrect Authorization2021

📋Vendor Advisories

3
Chrome
Stable Channel Update for Desktop: CVE-2021-305382021-05-25
Microsoft
Chromium: CVE-2021-30538 Insufficient policy enforcement in content security policy2021-05-11
Debian
CVE-2021-30538: chromium - Insufficient policy enforcement in content security policy in Google Chrome prio...2021