CVE-2021-4323

2023-07-2823:26:54

Chrome

www.cve.org

google chrome

input validation

extensions

security vulnerability

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.1%

JSON

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to access local files via a crafted Chrome Extension. (Chromium security severity: Medium)

CNA Affected

[
  {
    "vendor": "Google",
    "product": "Chrome",
    "versions": [
      {
        "version": "90.0.4430.72",
        "status": "affected",
        "lessThan": "90.0.4430.72",
        "versionType": "custom"
      }
    ]
  }
]