Origin Validation Error

CVE-2021-37967

Medium

4.3/10

Summary

Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-346 - Origin Validation Error

The software does not properly verify that the source of data or communication is valid.

References

Release Note
Release Note
Issue
Issue

Advisory Timeline

Published Oct 08, 2021

Origin Validation Error

CVE-2021-37967

Summary

CWE-346 - Origin Validation Error

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS