CVE-2021-34506: Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Overview

Severity: Medium (CVSS 6.1)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
Category: Edge - Chromium
Exploit Status: Not Exploited
Patch Tuesday: 2021-Jun
Released: 2021-06-24
Last Updated: 2023-08-17
EPSS Score: 0.75% (percentile: 73.3%)

FAQ

What is the version information for this release?

  • Microsoft Edge Version: 91.0.864.59
  • Date Released: 6/24/2021
  • Based on Chromium Version: 91.0.4472.101

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.

Affected Products (1)

Browser

  • Microsoft Edge (Chromium-based)

Acknowledgments

  • Shivam Kumar Singh (https://twitter.com/MrRajputHacker/) with CyberXplore Private Limited (https://cyberxplore.com)
  • Vansh Devgan (https://linkedin.com/in/vanshdevgan) with CyberXplore Private Limited (https://cyberxplore.com)
  • Ignacio Laurence
  • Anonymous

Revision History

  • 2021-06-24: Information published.
  • 2021-09-21: Updated information to include CVSS scores. This is an informational change only.
  • 2023-08-01: Added an FAQ. This is an informational change only.
  • 2023-08-17: Updated information to include CVSS scores. This is an informational change only.