CVE-2021-30596: Incorrect security UI in Navigation

Reference Links

• https://chromereleases.googleblog.com/2021/08/the-stable-channel-has-been-updated-to.html (Advisory)
• https://crbug.com/1214481
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LVY4WIWTVVYKQMROJJS365TZBKEARCF/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QW4R2K5HVJ4R6XDZYOJCCFPIN2XHNS3L/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LVY4WIWTVVYKQMROJJS365TZBKEARCF/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QW4R2K5HVJ4R6XDZYOJCCFPIN2XHNS3L/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6/

Parent vulnerabilities

(Appears in the following advisories)

• 1656672544346881992

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2021-30590
• CVE-2021-30591
• CVE-2021-30592
• CVE-2021-30593
• CVE-2021-30594
• CVE-2021-30597

Frequently Asked Questions

• What is the severity of CVE-2021-30596?

  CVE-2021-30596 is considered a medium severity vulnerability.

• How do I fix CVE-2021-30596?

  To fix CVE-2021-30596, upgrade Google Chrome to version 92.0.4515.131 or later.

• Who is affected by CVE-2021-30596?

  Users of Google Chrome on Android versions prior to 92.0.4515.131 are affected by CVE-2021-30596.

• What does CVE-2021-30596 exploit?

  CVE-2021-30596 exploits an incorrect security UI in the Navigation component of Google Chrome.

• What type of attack does CVE-2021-30596 allow?

  CVE-2021-30596 allows a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.