Lucene search

GoogleOSV:CVE-2024-3172

HistoryJul 16, 2024 - 11:15 p.m.

CVE-2024-3172

2024-07-1623:15:23

Google

osv.dev

google chrome

devtools

data validation

remote attacker

arbitrary code

ui gestures

html page

chromium

security severity

high

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

26.7%

JSON

Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

References

chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html

issues.chromium.org/issues/40942152

security-tracker.debian.org/tracker/CVE-2024-3172

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

26.7%

JSON

Related for OSV:CVE-2024-3172