Veracode Vulnerability Database, VERACODE:43886
Oct 19, 2023 - 4:15 a.m.

Misconfigured Security Controls

2023-10-19 04:15:44
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
chromium
misconfigured security controls
fullscreen feature
vulnerability
malicious extension
chrome extension
bypass navigation restrictions

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS: 0.001
Percentile: 36.2%

chromium is vulnerable to Misconfigured Security Controls. The vulnerability exists because of an improper implementation in the Fullscreen feature of the library, which could allow an attacker to deceive a user into installing a malicious extension. The attacker could then bypass navigation restrictions by using a carefully crafted Chrome Extension.
