CVE-2021-30533
In short
Google Chrome's popup blocker did not properly enforce its policy, allowing attackers to bypass navigation restrictions through a specially crafted iframe. This could redirect users to unwanted websites despite the popup blocker being enabled.
Technical detail
Insufficient policy enforcement in Chrome's PopupBlocker allowed a remote attacker to bypass navigation restrictions by crafting a malicious iframe. The vulnerability required user interaction with a specially designed web page and affected versions prior to 91.0.4472.77. The impact was a navigation restriction bypass, potentially leading to unwanted redirects or malicious page loads.
Summary generated and translated by AI from the official description.
Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected products
Google · Chrome
References
https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html
https://crbug.com/1145553
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54/
https://security.gentoo.org/glsa/202107-06
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30533