Lucene search

K
cveChromeCVE-2024-0811
HistoryJan 24, 2024 - 12:15 a.m.

CVE-2024-0811

2024-01-2400:15:08
Chrome
web.nvd.nist.gov
54
cve-2024-0811
google chrome
extensions api
data leak
security vulnerability

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

Low

EPSS

0.001

Percentile

20.4%

Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)

Affected configurations

Nvd
Vulners
Node
googlechromeRange<121.0.6167.85
Node
fedoraprojectfedoraMatch38
OR
fedoraprojectfedoraMatch39
VendorProductVersionCPE
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
fedoraprojectfedora38cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
fedoraprojectfedora39cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Google",
    "product": "Chrome",
    "versions": [
      {
        "version": "121.0.6167.85",
        "status": "affected",
        "lessThan": "121.0.6167.85",
        "versionType": "custom"
      }
    ]
  }
]

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

Low

EPSS

0.001

Percentile

20.4%