CVE-2021-21189

ENISA EUVD: EUVD-2021-8580
✓ Confirmed 0-Day
Triaged: March 20, 2026 · 2 articles · Published: 2021-03-09

EPSS Score

Source: FIRST.org · 2026-05-23
0.62% probability
This CVE has a 0.62% probability of being exploited in the next 30 days.
Top 70.2th percentile of all CVEs

CVSS v3.1

Source: NVD
4.3 MEDIUM
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: None
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVSS v2 (legacy)

4.3 MEDIUM
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality: None
Integrity: Partial
Availability: None
AV:N/AC:M/Au:N/C:N/I:P/A:N

Description

VulnerabilityLookup (CNA)
Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Affected Products

Google
Chrome
unspecified

Signal Intelligence

Confidence: 85%
EPSS: 0.62%
CVSS v3.1: 4.3
Mentions: 2
Last Seen: Mar 09, 2021

CNA Information

CNA Assigner: Chrome

Analyst Note

Article [1] explicitly names this CVE as an 'actively exploited Chrome zero-day bug' fixed by Google in 2021, confirming in-the-wild exploitation. The CVE year (2021) aligns with the patch timing, indicating exploitation occurred contemporaneously with or before the patch release.

Triage Info

Decided at: Mar 20, 2026
Published Date: Mar 09, 2021