Microsoft Edge (Chromium) < 124.0.2478.51 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 124.0.2478.51. It is, therefore, affected by multiple vulnerabilities as referenced in the April 18, 2024 advisory. - Microsoft Edge for Android Chromium-based Information Disclosure Vulnerability CVE-2024-29986 -...

CVE-2024-3845

Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. Chromium security severity: Low...

CVE-2024-3846

Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVE-2024-3838

Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. Chromium security severity: Medium...

CVE-2024-3845

CVE-2024-3845 affects Google Chrome/Chromium where an inappropriate network implementation allowed bypassing mixed-content policy via a crafted HTML page on versions before 124.0.6367.60. Root cause: incorrect handling in networks code. Impact stated as high for confidentiality, integrity, and av...

CVE-2024-3846

Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVE-2024-3845

Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. Chromium security severity: Low...

CVE-2024-3844

Summary: CVE-2024-3844 corresponds to an incomplete/incorrect implementation in Chrome/Chromium extensions that enables UI spoofing via a crafted extension. The connected documents corroborate a Chromium-based vulnerability with the same description, affecting Chrome/Chromium releases prior to th...

CVE-2024-3838

CVE-2024-3838 affects Google Chrome/Chromium Autofill: an inappropriate Autofill implementation allowed UI spoofing via a crafted app, when a user is lured to install malware. The issue exists in Chrome prior to 124.0.6367.60; remediation is to upgrade to 124.0.6367.60 or newer. Exploitation deta...

CVE-2024-3838

Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. Chromium security severity: Medium...

chromium -- multiple security fixes

Chrome Releases reports: This update includes 23 security fixes: 331358160 High CVE-2024-3832: Object corruption in V8. Reported by Man Yue Mo of GitHub Security Lab on 2024-03-27 331383939 High CVE-2024-3833: Object corruption in WebAssembly. Reported by Man Yue Mo of GitHub Security Lab on...

CVE-2024-3156

Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

Microsoft Edge (Chromium) < 122.0.2365.120 / 123.0.2420.81 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 122.0.2365.120 / 123.0.2420.81. It is, therefore, affected by multiple vulnerabilities as referenced in the April 4, 2024 advisory. - Microsoft Edge Chromium-based Webview2 Spoofing Vulnerability CVE-2024-29049 -...

Google Chrome < 123.0.6312.105 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 123.0.6312.105. It is, therefore, affected by multiple vulnerabilities as referenced in the 202404stable-channel-update-for-desktop advisory. - Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105...

Debian dsa-5648 : chromium - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5648 advisory. - Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page...

Microsoft Edge (Chromium) < 123.0.2420.53 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 123.0.2420.53. It is, therefore, affected by multiple vulnerabilities as referenced in the March 22, 2024 advisory. - Microsoft Edge Chromium-based Security Feature Bypass Vulnerability CVE-2024-26247 - Object lifecycl...

CVE-2024-2631

Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVE-2024-2630

Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVE-2024-2628

Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. Chromium security severity: Medium...

chromium -- multiple security fixes

Chrome Releases reports: This update includes 12 security fixes: 327740539 High CVE-2024-2625: Object lifecycle issue in V8. Reported by Ganjiang Zhou@refrainareu of ChaMd5-H1 team on 2024-03-01 40945098 Medium CVE-2024-2626: Out of bounds read in Swiftshader. Reported by Cassidy Kim@cassidy6564 ...