{"alias":[],"description":"Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.","epss":{"percentile":"0.70055","score":"0.006160"},"id":"CVE-2021-21189","metrics":{"cvss2":{"ac_insuf_info":0,"access_complexity":"MEDIUM","access_vector":"NETWORK","authentication":"NONE","availability_impact":"NONE","base_score":4.3,"base_severity":"MEDIUM","confidentiality_impact":"NONE","exploitability_score":8.6,"impact_score":2.9,"integrity_impact":"PARTIAL","obtain_all_privilege":0,"obtain_other_privilege":0,"obtain_user_privilege":0,"user_interaction_required":1,"vector_string":"AV:N\/AC:M\/Au:N\/C:N\/I:P\/A:N","version":"2.0"},"cvss3":{"attack_complexity":"LOW","attack_vector":"NETWORK","availability_impact":"NONE","base_score":4.3,"base_severity":"MEDIUM","confidentiality_impact":"NONE","exploitability_score":2.8,"impact_score":1.4,"integrity_impact":"LOW","privileges_required":"NONE","scope":"UNCHANGED","user_interaction":"REQUIRED","vector_string":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:N","version":"3.1"}},"modified":"2024-11-21T05:47:44","nvd_status":"Modified","published":"2021-03-09T18:15:17","score":4.3,"severity":"MEDIUM","source":"chrome-cve-admin@google.com","status":"PUBLISHED","weaknesses":[]}