CVE-2024-7005

EPSS 0.03%
Published 06.08.2024 16:15:50
Last modified 07.08.2024 19:56:48
Source chrome-cve-admin@google.com
Teams watchlist Login
Open Login

Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low)

Affected products Warnungen 0 Metrics 3 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Google ≫ Chrome Version < 127.0.6533.72

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.053

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-807 Reliance on Untrusted Inputs in a Security Decision

The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.

https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html

Release Notes

https://issues.chromium.org/issues/40068800

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2024-7005

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-7005

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-7005

EUVD