vulnerability

Microsoft Edge Chromium: CVE-2021-21208 Insufficient data validation in QR scanner

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Apr 26, 2021

Added

Nov 17, 2021

Modified

Mar 30, 2026

Description

Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an attacker displaying a QR code to perform domain spoofing via a crafted QR code.

Solution

microsoft-edge-upgrade-latest

References

CVE-2021-21208
https://attackerkb.com/topics/CVE-2021-21208
CWE-20
EUVD-EUVD-2021-8599
https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-8599
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21208

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report