CVE-2024-7019

2024-09-2322:15:03

CWE-451

Chrome

web.nvd.nist.gov

google chrome

ui implementation

remote attacker

ui spoofing

html page

chromium

medium severity

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

6.4

Confidence

High

EPSS

Percentile

9.6%

JSON

Inappropriate implementation in UI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Affected configurations

Vulners

Vulnrichment

Node

googlechromeRange<124.0.6367.60

VendorProductVersionCPE
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	chrome	*	cpe:2.3:a:google:chrome::::::::

CNA Affected

[
  {
    "vendor": "Google",
    "product": "Chrome",
    "versions": [
      {
        "version": "124.0.6367.60",
        "status": "affected",
        "lessThan": "124.0.6367.60",
        "versionType": "custom"
      }
    ]
  }
]