What is the vulnerability ID of this issue?

The vulnerability ID of this issue is CVE-2021-21177.

What is the severity of CVE-2021-21177?

The severity of CVE-2021-21177 is medium with a score of 6.5.

How does CVE-2021-21177 impact Google Chrome?

CVE-2021-21177 affects Google Chrome versions prior to 89.0.4389.72 and allows a remote attacker to obtain potentially sensitive information.

How can I fix CVE-2021-21177 in Google Chrome?

To fix CVE-2021-21177 in Google Chrome, update to version 89.0.4389.72 or later.

Are there any references available for CVE-2021-21177?

Yes, you can find references for CVE-2021-21177 at the following links: [Reference 1](https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html), [Reference 2](https://crbug.com/1173879), [Reference 3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BBT54RKAE5XLMWSHLVUKJ7T2XHHYMXLH/).

Vulnerability/
CVE-2021-21177

medium

6.5

CWE

732

3/2/2021

9/3/2021

3/8/2024

CVE-2021-21177: Insufficient policy enforcement in Autofill

First published: Wed Feb 03 2021(Updated: )

Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Credit: chrome-cve-admin@google.com chrome-cve-admin@google.com Abdulrahman Alqabandi Microsoft Browser Vulnerability Research

Affected Software	Affected Version	How to fix
debian/chromium		90.0.4430.212-1~deb10u1 116.0.5845.180-1~deb11u1 118.0.5993.70-1~deb11u1 116.0.5845.180-1~deb12u1 118.0.5993.70-1~deb12u1 118.0.5993.70-1
Google Chrome	<89.0.4389.72
Fedoraproject Fedora	=32
Fedoraproject Fedora	=33
Fedoraproject Fedora	=34
Debian Debian Linux	=10.0
Google Chrome	<89.0.4389.72	89.0.4389.72

Remedy

https://crbug.com/1173879

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

3803715665928870837

Frequently Asked Questions

What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2021-21177.
What is the severity of CVE-2021-21177?
The severity of CVE-2021-21177 is medium with a score of 6.5.
How does CVE-2021-21177 impact Google Chrome?
CVE-2021-21177 affects Google Chrome versions prior to 89.0.4389.72 and allows a remote attacker to obtain potentially sensitive information.
How can I fix CVE-2021-21177 in Google Chrome?
To fix CVE-2021-21177 in Google Chrome, update to version 89.0.4389.72 or later.
Are there any references available for CVE-2021-21177?
Yes, you can find references for CVE-2021-21177 at the following links: [Reference 1](https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html), [Reference 2](https://crbug.com/1173879), [Reference 3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BBT54RKAE5XLMWSHLVUKJ7T2XHHYMXLH/).

collector/security-tracker-debian
agent/type
agent/last-modified-date
collector/nvd-api
agent/software-canonical-lookup-request
collector/nvd-index
agent/weakness
agent/remedy
agent/references
agent/description
collector/chrome-releases
agent/software-canonical-lookup
agent/title
agent/severity
agent/softwarecombine
agent/author
agent/first-publish-date
agent/event
agent/tags
collector/mitre-cve
source/MITRE
package-manager/debian
vendor/google
canonical/google chrome
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/32
version/fedoraproject fedora/33
version/fedoraproject fedora/34
vendor/debian
canonical/debian debian linux
version/debian debian linux/10.0