CVE-2024-1671 — Protection Mechanism Failure in Google Chrome

CWE-693 — Protection Mechanism Failure7 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 77.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Debian Chromium +2 more

Timeline

PublishedFeb 21

Latest updateOct 21

Description

Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

▶CVEListV5google/chrome122.0.6261.57 — 122.0.6261.57

▶NVDgoogle/chrome< 122.0.6261.57

▶googlegoogle/chrome_chrome

▶debiandebian/chromium< chromium 122.0.6261.57-1~deb12u1 (bookworm)

▶Debianchromium/chromium< 122.0.6261.57-1~deb12u1+2

🔴Vulnerability Details

GHSA

GHSA-frg3-hm7v-3rpf: Inappropriate implementation in Site Isolation in Google Chrome prior to 122↗2024-02-21

▶

OSV

CVE-2024-1671: Inappropriate implementation in Site Isolation in Google Chrome prior to 122↗2024-02-21

▶

📋Vendor Advisories

Red Hat

kernel: Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change↗2024-10-21

▶

Chrome

Stable Channel Update for Desktop: CVE-2024-3168↗2024-02-20

▶

Microsoft

Chromium: CVE-2024-1671 Inappropriate implementation in Site Isolation↗2024-02-13

▶

Debian

CVE-2024-1671: chromium - Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6...↗2024

▶