CVE-2024-1676
Published: 2024-02-21
Priority: P3 · 38 · medium · 5.4 · CVSS 3.1
Vector: AV:N / AC:L / PR:N / UI:R / S:U / C:L / I:L / A:N
EPSS: 18.55% (96.9th percentile)
Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 122.0.6261.57-1~deb12u1 | 122.0.6261.57-1~deb12u1 |
| chromium | chromium | >= 0 < 122.0.6261.57-1 | 122.0.6261.57-1 |
| chromium | chromium | >= 0 < 122.0.6261.57-1 | 122.0.6261.57-1 |
| debian | chromium | < chromium 122.0.6261.57-1~deb12u1 (bookworm) | chromium 122.0.6261.57-1~deb12u1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| chrome | < 122.0.6261.57 | 122.0.6261.57 | |
| chrome | >= 122.0.6261.57 < 122.0.6261.57 | 122.0.6261.57 | |
| chrome_chrome | — | — | |
| msrc | microsoft_edge | — | — |
CVSS provenance
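| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
| osv | 5.4 | MEDIUM | |
| vendor_debian | 5.4 | MEDIUM | |
| vendor_msrc | 5.4 | MEDIUM | |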
Chrome
Stable Channel Update for Desktop: CVE-2024-3171
vendor_chrome·2024-02-20·CVSS 5.4
CVE-2024-3171 [MEDIUM] Stable Channel Update for Desktop: CVE-2024-3171
- CVE-2024-3171: Use after free in Accessibility. Reported by ttt on 2023-12-12
- [$1000][40944847] Low CVE-2024-1676: Inappropriate implementation in Navigation. Reported by Khalil Zhani on 2023-11-21

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
Severity: medium
Microsoft
Chromium: CVE-2024-1676 Inappropriate implementation in Navigation
vendor_msrc·2024-02-13·CVSS 5.4
CVE-2024-1676 [MEDIUM] Chromium: CVE-2024-1676 Inappropriate implementation in Navigation
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ:
| Microsoft Edge Channel | Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|---|
| Stable | 122.0.2365.52 | 2/23/2024 | 122.0.6261.57/.58 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In y
Debian
CVE-2024-1676: chromium - Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261....
vendor_debian·2024·CVSS 5.4
CVE-2024-1676 [MEDIUM] CVE-2024-1676: chromium - Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261....
Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 122.0.6261.57-1~deb12u1)
bullseye: open
forky: resolved (fixed in 122.0.6261.57-1)
sid: resolved (fixed in 122.0.6261.57-1)
trixie: resolved (fixed in 122.0.6261.57-1)
OSV
CVE-2024-1676: Inappropriate implementation in Navigation in Google Chrome prior to 122
osv·2024-02-21·CVSS 5.4
CVE-2024-1676 [MEDIUM] CVE-2024-1676: Inappropriate implementation in Navigation in Google Chrome prior to 122
Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)
GHSA
GHSA-r5qg-76hh-gr9p: Inappropriate implementation in Navigation in Google Chrome prior to 122
ghsa_unreviewed·2024-02-21
CVE-2024-1676 [CRITICAL] CWE-79 GHSA-r5qg-76hh-gr9p: Inappropriate implementation in Navigation in Google Chrome prior to 122
Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)
No detection rules found.
No public exploits indexed.
References:
- https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html
- https://issues.chromium.org/issues/40944847
- https://lists.fedoraproject.org/archives/list/[email protected]/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/
Published: 2024-02-21