CVE-2024-7020User Interface (UI) Misrepresentation of Critical Information in Google Chrome

CWE-451User Interface (UI) Misrepresentation of Critical Information5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 68.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google ChromeChromium
Timeline
PublishedSep 23
Latest updateSep 24

Description

Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

CVEListV5google/chrome124.0.6367.60124.0.6367.60
NVDgoogle/chrome< 124.0.6367.60
Debianchromium/chromium< 124.0.6367.60-1~deb12u1+2

🔴Vulnerability Details

3
GHSA
GHSA-qxr9-x265-vp39: Inappropriate implementation in Autofill in Google Chrome prior to 1242024-09-24
CVEList
CVE-2024-7020: Inappropriate implementation in Autofill in Google Chrome prior to 1242024-09-23
OSV
CVE-2024-7020: Inappropriate implementation in Autofill in Google Chrome prior to 1242024-09-23

📋Vendor Advisories

1
Debian
CVE-2024-7020: chromium - Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60...2024
CVE-2024-7020 — Google Chrome vulnerability | cvebase