CVE-2024-3838
Advisory lineage Upstream: 0 Downstream: 5
Modified
Published: 17 Apr 2024, 07:46
Last modified:13 Feb 2025, 17:53
Vulnerability Summary
Overall Risk (default)
low
22/100 CVSS Score
5.5 MEDIUM
v3.1 (nvd)
EPSS Score
0.21% LOW
0% probability +0.08%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
17 Apr 2024, 07:46
Published
Vulnerability first disclosed
13 Feb 2025, 17:53
Last Modified
Vulnerability information updated
Description
Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium)
CVSS Metrics
- v3.1•MEDIUM•Score: 4.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
- v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS Trends
Current EPSS score: 0.21%• Percentile: 44%
Techniques & Countermeasures
- CWE-358•Improperly Implemented Security Check for Standard
The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
Affected Systems
- Unknown•Chrome
≥ 124.0.6367.60, < 124.0.6367.60 | < 124.0.6367.60
References (5)
- https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html
- https://issues.chromium.org/issues/328278717
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/