CVE-2021-21135: Inappropriate implementation in Performance API

Reference Links

• https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html (Advisory)
• https://crbug.com/1157818
• https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21135

Parent vulnerabilities

(Appears in the following advisories)

• 8963246051762193641

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2021-21117
• CVE-2021-21118
• CVE-2021-21119
• CVE-2021-21120
• CVE-2021-21121
• CVE-2021-21122
• CVE-2021-21123
• CVE-2021-21124
• CVE-2021-21125
• CVE-2020-16044
• CVE-2021-21126
• CVE-2021-21127
• CVE-2021-21128
• CVE-2021-21129
• CVE-2021-21130
• CVE-2021-21131
• CVE-2021-21132
• CVE-2021-21133
• CVE-2021-21134
• CVE-2021-21136
• CVE-2021-21137
• CVE-2021-21138
• CVE-2021-21139
• CVE-2021-21140
• CVE-2021-21141

Frequently Asked Questions

• What is the severity of CVE-2021-21135?

  CVE-2021-21135 is classified as a medium severity vulnerability.

• How do I fix CVE-2021-21135?

  To fix CVE-2021-21135, update Google Chrome to version 88.0.4324.96 or later.

• What type of attack does CVE-2021-21135 enable?

  CVE-2021-21135 allows a remote attacker to leak cross-origin data via a crafted HTML page.

• Which software is affected by CVE-2021-21135?

  CVE-2021-21135 affects Google Chrome versions prior to 88.0.4324.96 and Microsoft Edge Chromium prior to 88.0.705.50.

• What is the recommended action for users of Chrome regarding CVE-2021-21135?

  Users of Chrome should promptly update their browser to the latest version to mitigate CVE-2021-21135.