CVE-2021-21123

MEDIUM

Google Chrome < 88.0.4324.96 - Filesystem Restriction Bypass via File System API

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-21123. PoCs published by Puliczek.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2021-21123, a vulnerability in Google Chrome's File System Access API that allows file extension spoofing during downloads. The README includes a description of the vulnerability, affected versions, and references to related CVEs, but does not contain functional exploit code.

Description

Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

Exploits (1)

nomisec WRITEUP 172 stars
by Puliczek · poc
https://github.com/Puliczek/CVE-2021-21123-PoC-Google-Chrome

Classification: Writeup 90%
Attack Type: Other
Complexity: Moderate
Reliability: Theoretical
Target: Google Chrome 86 and 87
No auth needed
Prerequisites: Google Chrome 86 or 87 · User interaction to download a file
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026

References (3)

Core References
Permissions Required, Third Party Advisory x_refsource_misc
https://crbug.com/1137247

Scores

CVSS v3: 6.5
EPSS: 0.0997
EPSS Percentile: 95.0%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE: CWE-20
Status: published
Products (2):
google/chrome < 88.0.4324.96
microsoft/edge_chromium < 88.0.705.50
Published: Feb 09, 2021
Tracked Since: Feb 18, 2026