Google Chrome PopupBlocker navigation restriction bypass

Successful exploitation allows an attacker to bypass intended browser navigation restrictions, enabling unauthorized or unexpected navigations/redirects in the victim's browser session. The primary security impact is integrity-related rather than direct code execution: an attacker can force or facilitate navigation behavior that the browser should have blocked, which can be leveraged in malvertising, redirect chains, delivery of unwanted or malicious content, and related social-engineering workflows. Reported scoring indicates high integrity impact with no direct confidentiality or availability impact from this flaw alone.

If immediate patching is not possible, reduce exposure by limiting use of untrusted websites and ad-driven content, especially where malicious iframes or redirect chains may be encountered. Employ least-privilege user contexts to reduce downstream impact, use browser and enterprise controls that restrict unwanted popups/redirects where available, and consider ad/malvertising filtering or isolation controls. User awareness measures around untrusted links and websites may also reduce exploitation opportunities, but patching is the primary mitigation.

Update Google Chrome and affected Chromium-based browsers to version 91.0.4472.77 or later, or to the vendor-fixed package versions for downstream distributions. The content specifically references Google’s stable channel fix and downstream fixes such as Fedora chromium 91.0.4472.114 packages and SUSE/openSUSE package updates. Apply vendor updates per vendor instructions, including any Chromium, Chrome, WebEngine, or browser package updates that incorporate the upstream fix.