CVE-2024-8907

2024-09-1721:07:19

Chrome

github.com

data validation

google chrome

omnibox

android

xss

ui gestures

remote attacker

arbitrary scripts

AI Score

5.8

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures. (Chromium security severity: Medium)