CVE-2021-30533
MEDIUM KEV
Google Chrome < 91.0.4472.77 - Navigation Restriction Bypass via PopupBlocker
Title source: llm
Exploitation Summary
CVE-2021-30533 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 27, 2022.
Description
Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe.
References (6)
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html
Exploit, Issue Tracking, Patch, Vendor Advisory x_refsource_misc
https://crbug.com/1145553
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202107-06
Mailing List, Release Notes vendor-advisory x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54/
Mailing List, Release Notes vendor-advisory x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43/
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30533
Scores
CVSS v3: 6.5
EPSS: 0.1671
EPSS Percentile: 95.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation: active
Automatable: no
Technical Impact: partial
Details
CISA KEV: 2022-06-27
VulnCheck KEV: 2021-08-16
InTheWild.io: 2021-08-16
ENISA EUVD: EUVD-2021-17454
CWE: CWE-863
Status: published
Products (3)
fedoraproject/fedora: 33
fedoraproject/fedora: 34
google/chrome: < 91.0.4472.77
Published: Jun 07, 2021
KEV Added: Jun 27, 2022
Tracked Since: Feb 18, 2026