CVE-2021-30621 — Authentication Bypass by Spoofing in Microsoft Edge

CWE-290 — Authentication Bypass by Spoofing4 documents4 sources

Severity

6.5MEDIUM

No vector

EPSS

2.3%

top 15.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Chromium Google Chrome Chrome Msrc Microsoft Edge

Timeline

PublishedAug 31

Latest updateMay 24

Description

Stable Channel Update for Desktop CVE-2021-30621: UI Spoofing in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-04-30 [$NA][ 1224419 ] Medium CVE-2021-30622: Use after free in WebApp Installs Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2021-06-28 [$10000][ 1223667 ] Low CVE-2021-30623: Use after free in Bookmarks Severity: medium

Affected Packages3 packages

▶msrcmsrc/microsoft_edge

▶debiandebian/chromium< chromium 93.0.4577.82-1 (bookworm)

▶googlegoogle/chrome_chrome

🔴Vulnerability Details

GHSA

GHSA-cm3p-j4f2-pc4m: Inappropriate implementation in Autofill in Google Chrome prior to 93↗2022-05-24

▶

📋Vendor Advisories

Microsoft

Chromium: CVE-2021-30621 UI Spoofing in Autofill↗2021-09-14

▶

Chrome

Stable Channel Update for Desktop: CVE-2021-30621↗2021-08-31

▶

Debian

CVE-2021-30621: chromium - Chromium: CVE-2021-30621 UI Spoofing in Autofill↗2021

▶