CVE-2021-4321: 
Google Chrome vulnerability analysis and mitigation

A policy bypass vulnerability (CVE-2021-4321) was discovered in the Blink engine of Google Chrome versions prior to 91.0.4472.77. The vulnerability allowed remote attackers to bypass content security policy through a crafted HTML page. This security issue was reported by Austin Williams on December 27, 2020, and was assigned a Low severity rating by the Chromium security team (Chrome Release).

The vulnerability affects the Blink rendering engine in Google Chrome and allows attackers to bypass the Content Security Policy (CSP) implementation. The issue has been assigned a CVSS v3.1 Base Score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N, indicating that it requires user interaction and can lead to low-impact integrity violations (NVD Database).

The vulnerability could allow attackers to bypass Content Security Policy protections, potentially leading to policy violations and compromising the security measures put in place to prevent cross-site scripting (XSS) and other web-based attacks. The impact is considered Low severity due to the limited scope of the potential exploitation (Chrome Release).

Google addressed this vulnerability in Chrome version 91.0.4472.77. Users and administrators are advised to upgrade to this version or later to mitigate the risk. The fix was included as part of a larger security update that addressed multiple vulnerabilities (Chrome Release).