CVE-2024-1676 : Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)

Published 2024-02-21 04:15:09

Updated 2024-12-19 17:58:37

Source Chrome

View at NVD, CVE.org

Products affected by CVE-2024-1676

Google » Chrome
Versions before (<) 122.0.6261.57
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 38
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 39
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2024-1676

EPSS FAQ

0.15%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 37 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-1676

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-11-05
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	2.8	2.5	NIST	2024-12-19
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: Low Integrity: Low Availability: None

CWE ids for CVE-2024-1676

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)

References for CVE-2024-1676

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/

[SECURITY] Fedora 38 Update: chromium-122.0.6261.57-1.fc38 - package-announce - Fedora Mailing-Lists
Mailing List

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/

[SECURITY] Fedora 39 Update: chromium-122.0.6261.57-1.fc39 - package-announce - Fedora Mailing-Lists
Mailing List

CVEs referencing this url
https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html

Chrome Releases: Stable Channel Update for Desktop
Release Notes

CVEs referencing this url
https://issues.chromium.org/issues/40944847

View issue - Chromium
Exploit;Issue Tracking

Jump to

Vulnerability Details : CVE-2024-1676

Products affected by CVE-2024-1676

Exploit prediction scoring system (EPSS) score for CVE-2024-1676

CVSS scores for CVE-2024-1676

CWE ids for CVE-2024-1676

References for CVE-2024-1676