CVE-2024-7980 — Insufficient Verification of Data Authenticity in Google Chrome

CWE-345 — Insufficient Verification of Data Authenticity CWE-20 — Improper Input Validation8 documents8 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 89.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Paloalto Prisma Browser

Timeline

PublishedAug 21

Latest updateSep 11

Description

Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium)

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5google/chrome128.0.6613.84 — 128.0.6613.84

▶NVDgoogle/chrome< 128.0.6613.84

▶Debianchromium/chromium< 128.0.6613.84-1~deb12u1+2

▶Palo Altopaloalto/prisma_browser

🔴Vulnerability Details

CVEList

CVE-2024-7980: Insufficient data validation in Installer in Google Chrome on Windows prior to 128↗2024-08-21

▶

OSV

CVE-2024-7980: Insufficient data validation in Installer in Google Chrome on Windows prior to 128↗2024-08-21

▶

GHSA

GHSA-8p7p-r9xv-w8g4: Insufficient data validation in Installer in Google Chrome on Windows prior to 128↗2024-08-21

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2024-0009 Prisma Browser: Monthly Vulnerability Updates↗2024-09-11

▶

Chrome

Stable Channel Update for Desktop: CVE-2024-7978↗2024-08-21

▶

Microsoft

Chromium: CVE-2024-7980 Insufficient data validation in Installer↗2024-08-13

▶

Debian

CVE-2024-7980: chromium - Insufficient data validation in Installer in Google Chrome on Windows prior to 1...↗2024

▶