Vulnerability Details : CVE-2024-3173
Potential exploit
Insufficient data validation in Updater in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)
Vulnerability category: Gain privilege
Products affected by CVE-2024-3173
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2024-3173
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 23 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2024-3173
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2024-08-01 |
|
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST | 2024-07-18 |
CWE ids for CVE-2024-3173
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
-
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2024-3173
-
https://issues.chromium.org/issues/40075849
Security: Elevation of Privilege via Vulnerability in Keystone for macOS [40075849] - ChromiumExploit;Issue Tracking
-
https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html
Chrome Releases: Stable Channel Update for DesktopVendor Advisory
Jump to