Always-Incorrect Control Flow Implementation

CVE-2021-38019

Medium

6.5/10

Summary

Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-670 - Always-Incorrect Control Flow Implementation

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

References

Release Note
Advisory
Issue

Advisory Timeline

Published Dec 23, 2021

Always-Incorrect Control Flow Implementation

CVE-2021-38019

Summary

CWE-670 - Always-Incorrect Control Flow Implementation

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS