Privilege Issues

CVE-2021-38010

Medium

6.5/10

Summary

Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-265 - Privilege Issues

Weaknesses in this category occur with improper handling, assignment, or management of privileges. A privilege is a property of an agent, such as a user. It lets the agent do things that are not ordinarily allowed. For example, there are privileges which allow an agent to perform maintenance functions such as restart a computer.

References

Release Note
Advisory
Pull request

Advisory Timeline

Published Dec 23, 2021

Privilege Issues

CVE-2021-38010

Summary

CWE-265 - Privilege Issues

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS