CVE-2021-30619 — Authentication Bypass by Spoofing in Chromium

CWE-290 — Authentication Bypass by Spoofing4 documents4 sources

Severity

6.5MEDIUM

No vector

EPSS

2.3%

top 15.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Chromium Google Chrome Chrome Msrc Microsoft Edge

Timeline

PublishedSep 14

Latest updateMay 24

Description

Chromium: CVE-2021-30619 UI Spoofing in Autofill Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 | FAQ: Why is this Chrome CVE included in the Security Update Guide?…

Affected Packages3 packages

▶msrcmsrc/microsoft_edge

▶debiandebian/chromium< chromium 93.0.4577.82-1 (bookworm)

▶googlegoogle/chrome_chrome

🔴Vulnerability Details

GHSA

GHSA-934q-gq37-gq89: Inappropriate implementation in Autofill in Google Chrome prior to 93↗2022-05-24

▶

📋Vendor Advisories

Microsoft

Chromium: CVE-2021-30619 UI Spoofing in Autofill↗2021-09-14

▶

Chrome

Stable Channel Update for Desktop: CVE-2021-30618↗2021-08-31

▶

Debian

CVE-2021-30619: chromium - Chromium: CVE-2021-30619 UI Spoofing in Autofill↗2021

▶