Veracode Vulnerability Database: VERACODE:42558
History: Aug 07, 2023 - 1:17 a.m.

Authorization Bypass

2023-08-07 01:17:57
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
Tags: chromium, authorization bypass, extension api, vulnerability, malicious extension, ui spoofing

CVSS3: 4.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS: 0.001
Percentile: 44.8%

chromium is vulnerable to authorization bypass. An inappropriate implementation in the Extensions API allows an attacker who convinces a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome extension.

Affected configurations

Vulners
Node
- chromium\ Match sid 88.0.4324.182-1
OR
- chromium\ Match sid 83.0.4103.116-3.1
OR
- chromium\ Match bullseye 83.0.4103.116-3.1

Vendor  Product    Version   CPE
-       chromium\  sid       cpe:2.3:a:-:chromium\:sid:88.0.4324.182-1:*:*:*:*:*:*:*
-       chromium\  sid       cpe:2.3:a:-:chromium\:sid:83.0.4103.116-3.1:*:*:*:*:*:*:*
-       chromium\  bullseye  cpe:2.3:a:-:chromium\:bullseye:83.0.4103.116-3.1:*:*:*:*:*:*:*
