What is the severity of CVE-2021-21172?

CVE-2021-21172 is classified as a high severity vulnerability due to its potential for exploitation by remote attackers to bypass filesystem restrictions.

How do I fix CVE-2021-21172?

To mitigate CVE-2021-21172, users should update Google Chrome to version 89.0.4389.72 or later.

What does CVE-2021-21172 affect?

CVE-2021-21172 affects Google Chrome versions prior to 89.0.4389.72 and allows remote attackers to bypass filesystem restrictions.

Is CVE-2021-21172 specific to any operating system?

CVE-2021-21172 primarily impacts Google Chrome running on Windows and other operating systems that support the affected versions.

Can an attacker exploit CVE-2021-21172 without user interaction?

Yes, CVE-2021-21172 can be exploited through a crafted HTML page, which may allow for remote execution without direct user interaction.

Vulnerability/
CVE-2021-21172

high

8.1

19/11/2020

9/3/2021

3/8/2024

CVE-2021-21172: Insufficient policy enforcement in File System API

First published: Thu Nov 19 2020(Updated: )

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

Credit: chrome-cve-admin@google.com Maciej Pulikowski

Affected Software	Affected Version	How to fix
debian/chromium		90.0.4430.212-1~deb10u1 116.0.5845.180-1~deb11u1 118.0.5993.70-1~deb11u1 116.0.5845.180-1~deb12u1 118.0.5993.70-1~deb12u1 118.0.5993.70-1
Google Chrome (Trace Event)	<89.0.4389.72	89.0.4389.72
Google Chrome (Trace Event)	<89.0.4389.72
Microsoft Windows
Fedora	=32
Fedora	=33
Fedora	=34
Debian	=10.0

Remedy

https://crbug.com/1150810

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

3803715665928870837

Frequently Asked Questions

What is the severity of CVE-2021-21172?
CVE-2021-21172 is classified as a high severity vulnerability due to its potential for exploitation by remote attackers to bypass filesystem restrictions.
How do I fix CVE-2021-21172?
To mitigate CVE-2021-21172, users should update Google Chrome to version 89.0.4389.72 or later.
What does CVE-2021-21172 affect?
CVE-2021-21172 affects Google Chrome versions prior to 89.0.4389.72 and allows remote attackers to bypass filesystem restrictions.
Is CVE-2021-21172 specific to any operating system?
CVE-2021-21172 primarily impacts Google Chrome running on Windows and other operating systems that support the affected versions.
Can an attacker exploit CVE-2021-21172 without user interaction?
Yes, CVE-2021-21172 can be exploited through a crafted HTML page, which may allow for remote execution without direct user interaction.

collector/security-tracker-debian
agent/type
agent/remedy
agent/title
agent/severity
agent/author
agent/description
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/references
agent/last-modified-date
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/chrome-releases
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/debian
vendor/google
canonical/google chrome (trace event)
vendor/microsoft
canonical/microsoft windows
vendor/fedoraproject
canonical/fedora
version/fedora/32
version/fedora/33
version/fedora/34
vendor/debian
canonical/debian
version/debian/10.0