Vulnerability-Lookup

CVE-2021-21133 (GCVE-0-2021-21133)

Vulnerability from cvelistv5 – Published: 2021-02-09 13:56 – Updated: 2024-08-03 18:01

Summary

Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page.

Severity ?

No CVSS data available.

CWE

Insufficient policy enforcement

Assigner

Chrome

References

URL

Tags

	https://chromereleases.googleblog.com/2021/01/sta…	x_refsource_MISC
	https://crbug.com/1157743	x_refsource_MISC
	https://msrc.microsoft.com/update-guide/en-US/vul…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Google	Chrome	Affected: unspecified , < 88.0.4324.96 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:01:14.110Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/1157743"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21133"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "88.0.4324.96",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insufficient policy enforcement",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-24T20:00:21.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/1157743"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21133"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "chrome-cve-admin@google.com",
          "ID": "CVE-2021-21133",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "88.0.4324.96"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insufficient policy enforcement"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html",
              "refsource": "MISC",
              "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
            },
            {
              "name": "https://crbug.com/1157743",
              "refsource": "MISC",
              "url": "https://crbug.com/1157743"
            },
            {
              "name": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21133",
              "refsource": "MISC",
              "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21133"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2021-21133",
    "datePublished": "2021-02-09T13:56:05.000Z",
    "dateReserved": "2020-12-21T00:00:00.000Z",
    "dateUpdated": "2024-08-03T18:01:14.110Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2021-AVI-048

Vulnerability from certfr_avis - Published: 2021-01-20 - Updated: 2021-01-20

De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Google	Chrome	Google Chrome versions antérieures à 88.0.4324.96

References

Title

Publication Time

Tags

Bulletin de sécurité Google du 19 janvier 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Google Chrome versions ant\u00e9rieures \u00e0 88.0.4324.96",
      "product": {
        "name": "Chrome",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-21133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21133"
    },
    {
      "name": "CVE-2021-21136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21136"
    },
    {
      "name": "CVE-2021-21138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21138"
    },
    {
      "name": "CVE-2021-21128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21128"
    },
    {
      "name": "CVE-2021-21139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21139"
    },
    {
      "name": "CVE-2021-21140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21140"
    },
    {
      "name": "CVE-2021-21132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21132"
    },
    {
      "name": "CVE-2021-21126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21126"
    },
    {
      "name": "CVE-2021-21135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21135"
    },
    {
      "name": "CVE-2021-21129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21129"
    },
    {
      "name": "CVE-2021-21131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21131"
    },
    {
      "name": "CVE-2021-21122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21122"
    },
    {
      "name": "CVE-2021-21141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21141"
    },
    {
      "name": "CVE-2021-21124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21124"
    },
    {
      "name": "CVE-2021-21117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21117"
    },
    {
      "name": "CVE-2021-21123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21123"
    },
    {
      "name": "CVE-2021-21120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21120"
    },
    {
      "name": "CVE-2020-16044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16044"
    },
    {
      "name": "CVE-2021-21137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21137"
    },
    {
      "name": "CVE-2021-21121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21121"
    },
    {
      "name": "CVE-2021-21130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21130"
    },
    {
      "name": "CVE-2021-21127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21127"
    },
    {
      "name": "CVE-2021-21118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21118"
    },
    {
      "name": "CVE-2021-21119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21119"
    },
    {
      "name": "CVE-2021-21134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21134"
    },
    {
      "name": "CVE-2021-21125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21125"
    }
  ],
  "initial_release_date": "2021-01-20T00:00:00",
  "last_revision_date": "2021-01-20T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-048",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-01-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Google du 19 janvier 2021",
      "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
    }
  ]
}

CERTFR-2021-AVI-054

Vulnerability from certfr_avis - Published: 2021-01-22 - Updated: 2021-01-22

De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Edge	Microsoft Edge versions antérieures à 88.0.705.50
	Microsoft	Edge	Microsoft Edge (Chromiun-based) versions antérieures à 88.0.4324.96

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2021-21140 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21139 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21118 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21121 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21141 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21136 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21133 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21123 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21134 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21132 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21128 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21127 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21120 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21135 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21131 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21119 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21129 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21122 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21126 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21137 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21124 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21130 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21125 du 21 janvier 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge versions ant\u00e9rieures \u00e0 88.0.705.50",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Edge (Chromiun-based) versions ant\u00e9rieures \u00e0 88.0.4324.96",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-21133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21133"
    },
    {
      "name": "CVE-2021-21136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21136"
    },
    {
      "name": "CVE-2021-21128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21128"
    },
    {
      "name": "CVE-2021-21139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21139"
    },
    {
      "name": "CVE-2021-21140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21140"
    },
    {
      "name": "CVE-2021-21132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21132"
    },
    {
      "name": "CVE-2021-21126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21126"
    },
    {
      "name": "CVE-2021-21135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21135"
    },
    {
      "name": "CVE-2021-21129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21129"
    },
    {
      "name": "CVE-2021-21131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21131"
    },
    {
      "name": "CVE-2021-21122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21122"
    },
    {
      "name": "CVE-2021-21141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21141"
    },
    {
      "name": "CVE-2021-21124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21124"
    },
    {
      "name": "CVE-2021-21123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21123"
    },
    {
      "name": "CVE-2021-21120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21120"
    },
    {
      "name": "CVE-2021-21137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21137"
    },
    {
      "name": "CVE-2021-21121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21121"
    },
    {
      "name": "CVE-2021-21130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21130"
    },
    {
      "name": "CVE-2021-21127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21127"
    },
    {
      "name": "CVE-2021-21118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21118"
    },
    {
      "name": "CVE-2021-21119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21119"
    },
    {
      "name": "CVE-2021-21134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21134"
    },
    {
      "name": "CVE-2021-21125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21125"
    }
  ],
  "initial_release_date": "2021-01-22T00:00:00",
  "last_revision_date": "2021-01-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-054",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-01-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21140 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21140"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21139 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21139"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21118 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21118"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21121 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21121"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21141 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21141"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21136 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21136"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21133 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21133"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21123 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21123"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21134 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21134"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21132 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21132"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21128 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21128"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21127 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21127"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21120 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21120"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21135 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21136"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21131 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21131"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21119 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21119"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21129 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21129"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21122 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21122"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21126 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21126"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21137 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21137"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21124 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21124"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21130 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21130"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21125 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21125"
    }
  ]
}

CERTFR-2021-AVI-103

Vulnerability from certfr_avis - Published: 2021-02-10 - Updated: 2021-02-10

De multiples vulnérabilités ont été corrigées dans Microsoft Edge. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un contournement de la fonctionnalité de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Edge	Microsoft Edge pour Android
	Microsoft	Edge	Microsoft Edge (Chromium-based)

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 09 février 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge pour Android",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Edge (Chromium-based)",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-21133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21133"
    },
    {
      "name": "CVE-2021-21148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21148"
    },
    {
      "name": "CVE-2021-21136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21136"
    },
    {
      "name": "CVE-2021-21147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21147"
    },
    {
      "name": "CVE-2021-21128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21128"
    },
    {
      "name": "CVE-2021-21139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21139"
    },
    {
      "name": "CVE-2021-21140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21140"
    },
    {
      "name": "CVE-2021-21143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21143"
    },
    {
      "name": "CVE-2021-21132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21132"
    },
    {
      "name": "CVE-2021-21126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21126"
    },
    {
      "name": "CVE-2021-21135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21135"
    },
    {
      "name": "CVE-2021-21129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21129"
    },
    {
      "name": "CVE-2021-21142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21142"
    },
    {
      "name": "CVE-2021-21131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21131"
    },
    {
      "name": "CVE-2021-24113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-24113"
    },
    {
      "name": "CVE-2021-21122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21122"
    },
    {
      "name": "CVE-2021-21141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21141"
    },
    {
      "name": "CVE-2021-21145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21145"
    },
    {
      "name": "CVE-2021-21124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21124"
    },
    {
      "name": "CVE-2021-21123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21123"
    },
    {
      "name": "CVE-2021-21120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21120"
    },
    {
      "name": "CVE-2020-16044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16044"
    },
    {
      "name": "CVE-2021-21137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21137"
    },
    {
      "name": "CVE-2021-21121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21121"
    },
    {
      "name": "CVE-2021-21130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21130"
    },
    {
      "name": "CVE-2021-24100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-24100"
    },
    {
      "name": "CVE-2021-21127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21127"
    },
    {
      "name": "CVE-2021-21144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21144"
    },
    {
      "name": "CVE-2021-21118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21118"
    },
    {
      "name": "CVE-2021-21146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21146"
    },
    {
      "name": "CVE-2021-21119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21119"
    },
    {
      "name": "CVE-2021-21134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21134"
    },
    {
      "name": "CVE-2021-21125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21125"
    }
  ],
  "initial_release_date": "2021-02-10T00:00:00",
  "last_revision_date": "2021-02-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-103",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-02-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Edge\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un\ncontournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 f\u00e9vrier 2021",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

CNVD-2021-17310

Vulnerability from cnvd - Published: 2021-03-15

Title

Google Chrome下载策略执行不足漏洞（CNVD-2021-17310）

Description

Chrome是由Google开发的一款设计简单、高效的Web浏览工具，其特点是简洁、快速。 Google Chrome 88.0.4324.96之前版本存在下载策略执行不足漏洞。攻击者可利用该漏洞通过精心制作的HTML页面绕过导航限制。

Severity

中

Patch Name

Google Chrome下载策略执行不足漏洞（CNVD-2021-17310）的补丁

Patch Description

Chrome是由Google开发的一款设计简单、高效的Web浏览工具，其特点是简洁、快速。 Google Chrome 88.0.4324.96之前版本存在下载策略执行不足漏洞。攻击者可利用该漏洞通过精心制作的HTML页面绕过导航限制。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://chromereleases.googleblog.com/

Reference

https://chromereleases.googleblog.com/

Impacted products

Name
Google Chrome <88.0.4324.96

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-21133",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-21133"
    }
  },
  "description": "Chrome\u662f\u7531Google\u5f00\u53d1\u7684\u4e00\u6b3e\u8bbe\u8ba1\u7b80\u5355\u3001\u9ad8\u6548\u7684Web\u6d4f\u89c8\u5de5\u5177\uff0c\u5176\u7279\u70b9\u662f\u7b80\u6d01\u3001\u5feb\u901f\u3002\n\nGoogle Chrome 88.0.4324.96\u4e4b\u524d\u7248\u672c\u5b58\u5728\u4e0b\u8f7d\u7b56\u7565\u6267\u884c\u4e0d\u8db3\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7cbe\u5fc3\u5236\u4f5c\u7684HTML\u9875\u9762\u7ed5\u8fc7\u5bfc\u822a\u9650\u5236\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://chromereleases.googleblog.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-17310",
  "openTime": "2021-03-15",
  "patchDescription": "Chrome\u662f\u7531Google\u5f00\u53d1\u7684\u4e00\u6b3e\u8bbe\u8ba1\u7b80\u5355\u3001\u9ad8\u6548\u7684Web\u6d4f\u89c8\u5de5\u5177\uff0c\u5176\u7279\u70b9\u662f\u7b80\u6d01\u3001\u5feb\u901f\u3002\r\n\r\nGoogle Chrome 88.0.4324.96\u4e4b\u524d\u7248\u672c\u5b58\u5728\u4e0b\u8f7d\u7b56\u7565\u6267\u884c\u4e0d\u8db3\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7cbe\u5fc3\u5236\u4f5c\u7684HTML\u9875\u9762\u7ed5\u8fc7\u5bfc\u822a\u9650\u5236\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google Chrome\u4e0b\u8f7d\u7b56\u7565\u6267\u884c\u4e0d\u8db3\u6f0f\u6d1e\uff08CNVD-2021-17310\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Google Chrome \u003c88.0.4324.96"
  },
  "referenceLink": "https://chromereleases.googleblog.com/",
  "serverity": "\u4e2d",
  "submitTime": "2021-01-20",
  "title": "Google Chrome\u4e0b\u8f7d\u7b56\u7565\u6267\u884c\u4e0d\u8db3\u6f0f\u6d1e\uff08CNVD-2021-17310\uff09"
}

CVE-2021-21133

Vulnerability from fstec - Published: 20.01.2021

Title

Уязвимость функции Downloads веб-браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Description

Уязвимость функции Downloads веб-браузера Google Chrome связана с некорректным ограничением визуализированных слоев пользовательского интерфейса. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, обойти существующие ограничения безопасности

Severity ?

Vendor

Microsoft Corp, Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Novell Inc., Google Inc, АО «ИВК», АО "НППКТ", АО «Концерн ВНИИНС»

Software Name

Microsoft Edge, Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), OpenSUSE Leap, SUSE Package Hub for SUSE Linux Enterprise, Google Chrome, Альт 8 СП (запись в едином реестре российских программ №4305), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)

Software Version

- (Microsoft Edge), 9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 15.1 (OpenSUSE Leap), 10 (Debian GNU/Linux), 15.2 (OpenSUSE Leap), 15 SP2 (SUSE Package Hub for SUSE Linux Enterprise), до 88.0.4324.96 (Google Chrome), 15 SP1 (SUSE Package Hub for SUSE Linux Enterprise), - (Альт 8 СП), до 2.1 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»)

Possible Mitigations

Использование рекомендаций: Для Google Chrome: https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html Для программных продуктов Microsoft Corp.: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21133 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2021-21133 Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2021-21133/ Для Astra Linux: Использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16 Для ОСОН Основа: Обновление программного обеспечения chromium до версии 90.0.4430.212+repack-1~deb10u1.osnova2 Для ОС ОН «Стрелец»: Обновление программного обеспечения chromium до версии 105.0.5195.125+repack2-1~deb11u1.osnova1.strelets Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства

Reference

https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21133 https://nvd.nist.gov/vuln/detail/CVE-2021-21133 https://security-tracker.debian.org/tracker/CVE-2021-21133 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16 https://www.suse.com/security/cve/CVE-2021-21133/ https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.1/ https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023 https://altsp.su/obnovleniya-bezopasnosti/

CWE

CWE-287

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
  "CVSS 3.0": null,
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Novell Inc., Google Inc, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Microsoft Edge), 9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 15.1 (OpenSUSE Leap), 10 (Debian GNU/Linux), 15.2 (OpenSUSE Leap), 15 SP2 (SUSE Package Hub for SUSE Linux Enterprise), \u0434\u043e 88.0.4324.96 (Google Chrome), 15 SP1 (SUSE Package Hub for SUSE Linux Enterprise), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 2.1 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Google Chrome:\nhttps://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Microsoft Corp.:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21133\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2021-21133\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2021-21133/\n\n\n\u0414\u043b\u044f Astra Linux:\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f chromium \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 90.0.4430.212+repack-1~deb10u1.osnova2\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f chromium \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 105.0.5195.125+repack2-1~deb11u1.osnova1.strelets\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "20.01.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "23.02.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-00965",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-21133",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Microsoft Edge, Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), OpenSUSE Leap, SUSE Package Hub for SUSE Linux Enterprise, Google Chrome, \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. OpenSUSE Leap 15.1 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Novell Inc. OpenSUSE Leap 15.2 , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f -  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 Downloads \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0431\u043e\u0439\u0442\u0438 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f (CWE-287)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 Downloads \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u044b\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435\u043c \u0432\u0438\u0437\u0443\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0441\u043b\u043e\u0435\u0432 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u0431\u043e\u0439\u0442\u0438 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21133\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-21133\nhttps://security-tracker.debian.org/tracker/CVE-2021-21133\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16\nhttps://www.suse.com/security/cve/CVE-2021-21133/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.1/\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://altsp.su/obnovleniya-bezopasnosti/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-287",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)"
}

GHSA-G8Q5-X5P6-C4GC

Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-07-13 00:01

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-21133"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-09T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page.",
  "id": "GHSA-g8q5-x5p6-c4gc",
  "modified": "2022-07-13T00:01:06Z",
  "published": "2022-05-24T17:41:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21133"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1157743"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21133"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2021-21133

Vulnerability from fkie_nvd - Published: 2021-02-09 14:15 - Updated: 2024-11-21 05:47

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
chrome-cve-admin@google.com	https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html	Release Notes, Vendor Advisory
chrome-cve-admin@google.com	https://crbug.com/1157743	Permissions Required, Third Party Advisory
chrome-cve-admin@google.com	https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21133	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://crbug.com/1157743	Permissions Required, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21133	Third Party Advisory

Impacted products

	Vendor	Product	Version
	google	chrome	*
	microsoft	edge_chromium	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "565ED6B8-8F41-4E79-A280-33CB321E607F",
              "versionEndExcluding": "88.0.4324.96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4045760-DF4A-4728-9B52-0280FC45C05D",
              "versionEndExcluding": "88.0.705.50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page."
    },
    {
      "lang": "es",
      "value": "Una aplicaci\u00f3n de pol\u00edticas insuficientes en Downloads en Google Chrome versiones anteriores a 88.0.4324.96, permiti\u00f3 a un atacante que convenci\u00f3 a un usuario de descargar archivos para omitir las restricciones de navegaci\u00f3n por medio de una p\u00e1gina HTML dise\u00f1ada"
    }
  ],
  "id": "CVE-2021-21133",
  "lastModified": "2024-11-21T05:47:37.920",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-09T14:15:16.467",
  "references": [
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://crbug.com/1157743"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21133"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://crbug.com/1157743"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21133"
    }
  ],
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2021-21133

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-21133

Aliases

CVE-2021-21133

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-21133",
    "description": "Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page.",
    "id": "GSD-2021-21133",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-21133.html",
      "https://www.debian.org/security/2021/dsa-4846",
      "https://security.archlinux.org/CVE-2021-21133"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-21133"
      ],
      "details": "Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page.",
      "id": "GSD-2021-21133",
      "modified": "2023-12-13T01:23:10.791560Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "chrome-cve-admin@google.com",
        "ID": "CVE-2021-21133",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Chrome",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "88.0.4324.96"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Google"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Insufficient policy enforcement"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html",
            "refsource": "MISC",
            "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
          },
          {
            "name": "https://crbug.com/1157743",
            "refsource": "MISC",
            "url": "https://crbug.com/1157743"
          },
          {
            "name": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21133",
            "refsource": "MISC",
            "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21133"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "88.0.4324.96",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "88.0.705.50",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "chrome-cve-admin@google.com",
          "ID": "CVE-2021-21133"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download files to bypass navigation restrictions via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://crbug.com/1157743",
              "refsource": "MISC",
              "tags": [
                "Permissions Required",
                "Third Party Advisory"
              ],
              "url": "https://crbug.com/1157743"
            },
            {
              "name": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
            },
            {
              "name": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21133",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21133"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-03-08T18:52Z",
      "publishedDate": "2021-02-09T14:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-21133 (GCVE-0-2021-21133)

Solution

Solution

Solution

Tags

Sightings

Nomenclature