CVE-2024-7001 — Use of Function with Inconsistent Implementations in Google Chrome

CWE-474 — Use of Function with Inconsistent Implementations CWE-674 — Uncontrolled Recursion25 documents12 sources

Severity

4.3MEDIUMNVD

OSV7.5

EPSS

0.1%

top 64.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Paloalto Prisma Browser

Timeline

PublishedAug 6

Latest updateNov 21

Description

Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5google/chrome127.0.6533.72 — 127.0.6533.72

▶NVDgoogle/chrome< 127.0.6533.72

▶Debianchromium/chromium< 127.0.6533.88-1~deb12u1+2

▶Palo Altopaloalto/prisma_browser

🔴Vulnerability Details

OSV

libxmltok vulnerabilities↗2024-09-17

▶

CVEList

CVE-2024-7001: Inappropriate implementation in HTML in Google Chrome prior to 127↗2024-08-06

▶

OSV

CVE-2024-7001: Inappropriate implementation in HTML in Google Chrome prior to 127↗2024-08-06

▶

GHSA

GHSA-pqvj-7wmm-mjvv: Inappropriate implementation in HTML in Google Chrome prior to 127↗2024-08-06

▶

💥Exploits & PoCs

Exploit-DB

Siklu MultiHaul TG series < 2.0.0 - unauthenticated credential disclosure↗2024-03-28

▶

Metasploit

Samsung MagicINFO 9 Server Remote Code Execution (CVE-2024-7399)↗

▶

📋Vendor Advisories

Red Hat

kernel: afs: Fix lock recursion↗2024-11-21

▶

Palo Alto

PAN-SA-2024-0007 Prisma Browser: Monthly Vulnerability Updates↗2024-08-14

▶

Chrome

Stable Channel Update for Desktop: CVE-2024-7000↗2024-07-23

▶

Microsoft

Chromium: CVE-2024-7001 Inappropriate implementation in HTML↗2024-07-09

▶

Debian

CVE-2024-7001: chromium - Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 all...↗2024

▶

💬Community

Bugzilla

CVE-2024-36939 kernel: nfs: Handle error of rpc_proc_register() in nfs_net_init().↗2024-06-03

▶

Bugzilla

CVE-2021-47289 kernel: ACPI: fix NULL pointer dereference↗2024-05-22

▶

Bugzilla

CVE-2021-47321 kernel: watchdog: Fix possible use-after-free by calling del_timer_sync()↗2024-05-22

▶

Bugzilla

CVE-2024-35809 kernel: PCI/PM: Drain runtime-idle callbacks before driver removal↗2024-05-17

▶

Bugzilla

CVE-2024-26939 kernel: drm/i915/vma: Fix UAF on destroy against retire race↗2024-05-01

▶