CVE-2021-38017
HIGH WAF: Low
CVSS 8.8
Published: 2021-12-23
CWE-863
Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
WAF Coverage Analysis
Incorrect Authorization
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| chrome | up to 96.0.4664.45 | |
| fedoraproject | fedora | 34 |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 11.0 |
References
- chromereleases.googleblog.com (Vendor Advisory)
- crbug.com (Permissions Required)
- lists.fedoraproject.org
- www.debian.org (Third Party Advisory)