Lucene search

Veracode Vulnerability DatabaseVERACODE:45988

HistoryMar 25, 2024 - 1:32 a.m.

User Interface Misrepresentation Of Critical Information

2024-03-2501:32:12

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

chromium

vulnerability

ios

remote attack

html

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

19.8%

JSON

chromium is vulnerable to User Interface Misrepresentation of Critical Information. This vulnerability is due to incorrect security UI in iOS. It allows a remote attacker to perform UI spoofing via a crafted HTML page.

CPENameOperatorVersion
chromium:sideq88.0.4324.182-1
chromium:sideq83.0.4103.116-3.1
chromium:sideq88.0.4324.182-1
chromium:sideq83.0.4103.116-3.1

Name	Operator	Version
chromium:sid	eq	88.0.4324.182-1
chromium:sid	eq	83.0.4103.116-3.1
chromium:sid	eq	88.0.4324.182-1
chromium:sid	eq	83.0.4103.116-3.1

References

chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html

issues.chromium.org/issues/41487721

lists.fedoraproject.org/archives/list/[email protected]/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/

lists.fedoraproject.org/archives/list/[email protected]/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/

lists.fedoraproject.org/archives/list/[email protected]/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/

security-tracker.debian.org/tracker/CVE-2024-2629

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

19.8%

JSON

Related for VERACODE:45988