Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.

References

• https://nvd.nist.gov/vuln/detail/CVE-2021-21111
• https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html
• https://crbug.com/1149125
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VVUWIJKZTZTG6G475OR6PP4WPQBVM6PS/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z6P6AVVFP7B2M4H7TJQBASRZIBLOTUFN/
• https://security.gentoo.org/glsa/202101-05
• https://www.debian.org/security/2021/dsa-4832