製品・ソフトウェアに関する情報

JVN脆弱性詳細

Android 上で稼働する Google Chrome における同一生成元ポリシー違反に関する脆弱性

Title	Android 上で稼働する Google Chrome における同一生成元ポリシー違反に関する脆弱性
Summary	Android 上で稼働する Google Chrome には、同一生成元ポリシー違反に関する脆弱性が存在します。
Possible impacts	情報を改ざんされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	April 26, 2021, midnight
Registration Date	Dec. 28, 2021, 4:06 p.m.
Last Update	Dec. 28, 2021, 4:06 p.m.

Affected System

Debian

Debian GNU/Linux

Fedora Project

Fedora

Google

Google Chrome 90.0.4430.93 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2021-21229	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21229
National Vulnerability Database (NVD)
2	CVE-2021-21229	https://nvd.nist.gov/vuln/detail/CVE-2021-21229

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-346	https://cwe.mitre.org/data/definitions/346.html

ベンダー情報

No	Name	URL
Chromium
1	Issue 1198165	https://crbug.com/1198165
Debian Security Advisory
2	DSA-4911-1	https://www.debian.org/security/2021/dsa-4911
Fedora Update Notification
3	FEDORA-2021-35d2bb4627	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY/
4	FEDORA-2021-c3754414e7	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A/
5	FEDORA-2021-ff893e12c5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG/
Google
6	Stable Channel Update for Desktop	https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html

Change Log

No	Changed Details	Date of change
1	[2021年12月28日] 掲載	Dec. 28, 2021, 4:06 p.m.

NVD Vulnerability Information

CVE-2021-21229

Summary	Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Publication Date	May 1, 2021, 6:15 a.m.
Registration Date	May 1, 2021, 10:04 a.m.
Last Update	Nov. 21, 2024, 2:47 p.m.

Affected software configurations

Configuration2		or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:10.0:::::::*

Related information, measures and tools

No	URL	タグ
1	https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html	Release Notes Vendor Advisory
2	https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html	Release Notes Vendor Advisory
3	https://crbug.com/1198165	Broken Link Vendor Advisory
4	https://crbug.com/1198165	Broken Link Vendor Advisory
5	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG/
6	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG/
7	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY/
8	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY/
9	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A/
10	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A/
11	https://security.gentoo.org/glsa/202104-08	Third Party Advisory
12	https://security.gentoo.org/glsa/202104-08	Third Party Advisory
13	https://www.debian.org/security/2021/dsa-4911	Third Party Advisory
14	https://www.debian.org/security/2021/dsa-4911	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-346	同一生成元ポリシー違反	https://cwe.mitre.org/data/definitions/346.html