Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:42468
HistoryAug 06, 2023 - 9:58 p.m.

Improper Input Validation

2023-08-0621:58:10
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
chromium
vulnerability
input validation
extensions
library
attacker
malicious extension
local files

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

43.9%

chromium is vulnerable to Improper Input Validation. The vulnerability exists due to the lack of user input validation in the Extensions of the library, which allows an attacker to convince user to install a malicious extension to access local files via a crafted Chrome Extension

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

43.9%