CVE-2024-9956: Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation…

high7.8CVSS 3.1

AVLACLPRNUIRSUCHIHAH

Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

Affected

11 ranges

Vendor	Product	Version range	Fixed in
apple	ios_18.3_and_ipados	—	—
chromium	chromium	>= 0 < 130.0.6723.58-1~deb12u1	130.0.6723.58-1~deb12u1
chromium	chromium	>= 0 < 130.0.6723.58-1	130.0.6723.58-1
chromium	chromium	>= 0 < 130.0.6723.58-1	130.0.6723.58-1
debian	chromium	< chromium 130.0.6723.58-1~deb12u1 (bookworm)	chromium 130.0.6723.58-1~deb12u1 (bookworm)
debian	firefox	< chromium 130.0.6723.58-1~deb12u1 (bookworm)	chromium 130.0.6723.58-1~deb12u1 (bookworm)
google	chrome	< 130.0.6723.58	130.0.6723.58
google	chrome	>= 130.0.6723.58 < 130.0.6723.58	130.0.6723.58
mozilla	firefox	—	—
msrc	microsoft_edge	—	—
paloalto	prisma_browser	—	—

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

osv7.8HIGH