CVE-2024-13983Open Redirect in Google Chrome

CWE-601Open Redirect5 documents5 sources
Severity
6.3MEDIUMNVD
EPSS
0.1%
top 76.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedNov 14

Description

Inappropriate implementation in Lens in Google Chrome on iOS prior to 136.0.7103.59 allowed a remote attacker to perform UI spoofing via a crafted QR code. (Chromium security severity: Low)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

CVEListV5google/chrome136.0.7103.59136.0.7103.59
NVDgoogle/chrome< 136.0.7103.59

🔴Vulnerability Details

2
CVEList
CVE-2024-13983: Inappropriate implementation in Lens in Google Chrome on iOS prior to 1362025-11-14
GHSA
GHSA-c3h3-5hxq-qpc7: Inappropriate implementation in Lens in Google Chrome on iOS prior to 1362025-11-14

📋Vendor Advisories

2
Chrome
Stable Channel Update for Desktop: CVE-2025-40522025-04-29
Debian
CVE-2024-13983: chromium - Inappropriate implementation in Lens in Google Chrome on iOS prior to 136.0.7103...2024
CVE-2024-13983 — Open Redirect in Google Chrome | cvebase