Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:44116
HistoryNov 02, 2023 - 6:39 p.m.

Domain Spoofing

2023-11-0218:39:29
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
15
chromium
domain spoofing
vulnerability
picture in picture
google chrome
security ui
remote attacker
crafted html page

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

6.7

Confidence

High

EPSS

0.002

Percentile

58.6%

chromium is vulnerable to Domain Spoofing. The vulnerability occurs due to incorrect security UI in Picture In Picture within google chrome which allows a remote malicious attacker to perform domain spoofing via a crafted local HTML page.

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

6.7

Confidence

High

EPSS

0.002

Percentile

58.6%