
ROS-20240329-07

2024-03-29 00:00:00
redos.red-soft.ru
google chrome
pip
autofill
payments
downloads
history
reading mode
full-screen mode
profiles
side panel
navigation
vulnerabilities
security checks
remote exploitation
malicious web page
unauthorized access

CVSS3: 8.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 8.4 High (Confidence: High)

CVSS2: 6.8 Medium

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.005 Low (Percentile: 76.0%)

A vulnerability in the Picture-in-Picture (PiP) technology of the Google Chrome browser is related to errors in the presentation of information by the user interface. Exploitation of the vulnerability could allow an attacker acting remotely to conduct spoofing attacks.

A vulnerability in the Autofill component of the Google Chrome browser is related to incorrectly implemented security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to affect the integrity of protected information by downloading a specially crafted HTML page.

A vulnerability in the Payments component of the Google Chrome browser is related to incorrectly implemented security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to bypass security restrictions and gain unauthorized access to protected information.

A vulnerability in the Downloads component of the Google Chrome browser is related to incorrectly implemented security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information using a specially crafted malicious web page.

A vulnerability in the Blink History component of the Google Chrome browser is related to writing beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code.

A vulnerability in the Reading Mode component of the Google Chrome browser is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information using a specially crafted web page.

A vulnerability in the full-screen mode implementation of the Google Chrome browser is related to incorrectly implemented security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to affect the integrity of protected information by installing a malicious extension.

A vulnerability in the Profiles component of the Google Chrome browser is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information using a specially crafted web page.

A vulnerability in the Autofill feature of the Google Chrome browser allows an attacker to disclose protected information.

A vulnerability in the “Side Panel” control of the Google Chrome browser is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information using a specially crafted web page.

A vulnerability in the Downloads component of the Google Chrome browser is related to errors in the presentation of information by the user interface. Exploitation of the vulnerability could allow an attacker acting remotely to conduct spoofing attacks.

A vulnerability in the Downloads component of the Google Chrome browser is related to incorrectly implemented security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information using a specially crafted web page.

A vulnerability in the Navigation component of the Google Chrome browser is related to errors in the presentation of information by the user interface. Exploitation of the vulnerability could allow an attacker acting remotely to conduct spoofing attacks using a specially crafted HTML page.

A vulnerability in the USB peripheral connection interface of the Google Chrome browser is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a specially crafted web page.

A vulnerability in the Cast component of the Google Chrome browser is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to compromise the rendering process using a specially crafted HTML page.

A vulnerability in the Downloads component of the Google Chrome browser is related to incorrectly implemented security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to conduct a spoofing attack.

A vulnerability in the Intents feature of the Google Chrome browser is related to incorrectly implemented security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing access restrictions.

A vulnerability in the Extensions API component of the Microsoft Edge and Google Chrome browsers is related to incorrectly implemented security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information using a specially crafted HTML page.

A vulnerability in the Profiles component of the Google Chrome and Microsoft Edge browsers is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code or cause a denial of service using a specially crafted HTML page.

A vulnerability in the Printing component of the Google Chrome browser is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information using a specially crafted web page.

A vulnerability in the PDFium component of the Google Chrome browser is related to a buffer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a specially crafted PDF file.

A vulnerability in the Input component of the Google Chrome browser is related to incorrectly implemented security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to conduct spoofing attacks using a specially crafted HTML page.

A vulnerability in the WebApp Provider component of the Google Chrome browser is related to incorrectly implemented security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information using specially crafted malicious HTML pages.

A vulnerability in the DevTools web development toolkit for the Microsoft Edge and Google Chrome browsers is related to a buffer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a specially crafted PDF file.

A vulnerability in the Site Isolation component of the Google Chrome browser is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a specially crafted HTML page.

A vulnerability in the Installer component of the Google Chrome browser is related to incorrectly implemented security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions using a specially crafted HTML page.

A vulnerability in chromedriver, the web application test automation tool, exists due to a failure to take measures to neutralize special elements. Exploitation of the vulnerability could allow an attacker acting remotely to affect the confidentiality, integrity and availability of protected information.

A vulnerability in the USB peripheral connection interface of the Google Chrome browser is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a specially crafted web page.

OS     Version  Architecture  Package   Version               Filename
redos  7.3      x86_64        chromium  <= 120.0.6099.224-1   UNKNOWN
