Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:43875
HistoryOct 19, 2023 - 3:42 a.m.

Improper Authorization

2023-10-1903:42:35
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
chromium
vulnerability
imporper authorization
extension
html
enterprise policy
security

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

25.4%

chromium is vulnerable to Improper Authorization. The vulnerability allows an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page.

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

25.4%