CVE-2024-5840

2024-06-1121:15:54

Google

osv.dev

cve-2024-5840

cors

google chrome

access control

html page

chromium

security severity

medium

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.9%

JSON

Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)

CPENameOperatorVersion
chromiumeq119.0.6045.199-1
chromiumeq100.0.4896.88-1~deb11u1
chromiumeq106.0.5249.119-1~deb11u1
chromiumeq87.0.4280.88-0.4~deb10u1
chromiumeq103.0.5060.114-1
chromiumeq122.0.6261.111-1~deb12u1
chromiumeq80.0.3987.122-2
chromiumeq101.0.4951.64-1~deb11u1
chromiumeq121.0.6167.160-1
chromiumeq88.0.4324.146-1~deb10u1

Name	Operator	Version
chromium	eq	119.0.6045.199-1
chromium	eq	100.0.4896.88-1~deb11u1
chromium	eq	106.0.5249.119-1~deb11u1
chromium	eq	87.0.4280.88-0.4~deb10u1
chromium	eq	103.0.5060.114-1
chromium	eq	122.0.6261.111-1~deb12u1
chromium	eq	80.0.3987.122-2
chromium	eq	101.0.4951.64-1~deb11u1
chromium	eq	121.0.6167.160-1
chromium	eq	88.0.4324.146-1~deb10u1