CVE-2021-38000

CVSS 6.1 MEDIUM · EPSS 4.5% · KEV · CWE-20 · CWE-601
In short

Google Chrome on Android didn't properly check URLs passed through Intents, allowing attackers to trick users into visiting malicious websites by creating a specially crafted HTML page.

Technical detail

Insufficient input validation in Chrome's Intent handler on Android allowed remote attackers to perform open redirect attacks, redirecting users to arbitrary malicious URLs via crafted HTML content. Exploitation requires user interaction with the malicious page. Versions prior to 95.0.4638.69 are affected.

Summary generated and translated by AI from the official description.
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browse to a malicious URL via a crafted HTML page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products
Google · Chrome
