CVE-2024-3843Authentication Bypass by Spoofing in Google Chrome

CWE-290Authentication Bypass by Spoofing6 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
0.5%
top 32.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Google ChromeChromiumFedoraproject Fedora
Timeline
PublishedApr 17

Description

Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

CVEListV5google/chrome124.0.6367.60124.0.6367.60
NVDgoogle/chrome< 124.0.6367.60
Debianchromium/chromium< 124.0.6367.60-1~deb12u1+2

Also affects: Fedora 38, 39, 40

🔴Vulnerability Details

3
CVEList
CVE-2024-3843: Insufficient data validation in Downloads in Google Chrome prior to 1242024-04-17
GHSA
GHSA-gqmf-j3fp-9x2f: Insufficient data validation in Downloads in Google Chrome prior to 1242024-04-17
OSV
CVE-2024-3843: Insufficient data validation in Downloads in Google Chrome prior to 1242024-04-17

📋Vendor Advisories

2
Microsoft
Chromium: CVE-2024-3843 Insufficient data validation in Downloads2024-04-09
Debian
CVE-2024-3843: chromium - Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.6...2024
CVE-2024-3843 — Authentication Bypass by Spoofing | cvebase