CVE-2021-4316 : Inappropriate implementation in Cast UI in Google Chrome prior to 96.0.4664.45 a

Inappropriate implementation in Cast UI in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to spoof browser UI via a crafted HTML page. (Chromium security severity: Low)

Published 2023-07-29 00:15:10

Updated 2023-08-12 06:15:10

Source Chrome

View at NVD, CVE.org

Products affected by CVE-2021-4316

Google » Chrome
Versions before (<) 96.0.4664.45
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-4316

EPSS FAQ

0.12%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 28 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-4316

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	2.8	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: Low Availability: None

References for CVE-2021-4316

https://crbug.com/1152952

1152952 - Security: Cast tab can appear after navigation to a different origin
Exploit;Issue Tracking;Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/

[SECURITY] Fedora 38 Update: chromium-115.0.5790.170-1.fc38 - package-announce - Fedora Mailing-Lists

CVEs referencing this url
https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html

Chrome Releases: Stable Channel Update for Desktop
Release Notes;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-4316

Products affected by CVE-2021-4316

Exploit prediction scoring system (EPSS) score for CVE-2021-4316

CVSS scores for CVE-2021-4316

References for CVE-2021-4316