CVE-2024-7005

EPSS 0.03%
Veröffentlicht 06.08.2024 16:15:50
Zuletzt bearbeitet 07.08.2024 19:56:48
Quelle chrome-cve-admin@google.com
Teams Watchlist Login
Unerledigt Login

Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low)

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Chrome Version < 127.0.6533.72

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.053

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-807 Reliance on Untrusted Inputs in a Security Decision

The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.

https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html

Release Notes

https://issues.chromium.org/issues/40068800

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2024-7005

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-7005

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-7005

EUVD