Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:44114
HistoryNov 02, 2023 - 6:39 p.m.

Remote Code Execution (RCE)

2023-11-0218:39:27
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
chromium
remote code execution
vulnerability
webapp
security
html page

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

7.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.3%

chromium is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to the inappropriate implementation in WebApp, which allows a remote malicious attacker to obfuscate security UI via a crafted HTML page.

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

7.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.3%