Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2024-0220
Vulnerability from csaf_certbund - Published: 2024-01-25 23:00 - Updated: 2024-02-18 23:00Summary
Microsoft Edge: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Edge ist ein Web Browser von Microsoft.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Microsoft Edge ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Informationen falsch darzustellen und nicht spezifizierte Auswirkungen zu verursachen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Edge ist ein Web Browser von Microsoft.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Microsoft Edge ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, Informationen falsch darzustellen und nicht spezifizierte Auswirkungen zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0220 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0220.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0220 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0220"
},
{
"category": "external",
"summary": "Release notes for Microsoft Edge Security Updates vom 2024-01-25",
"url": "https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#january-25-2024"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-44533EB648 vom 2024-01-27",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-44533eb648"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-93D34F40F0 vom 2024-01-27",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-93d34f40f0"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202402-23 vom 2024-02-19",
"url": "https://security.gentoo.org/glsa/202402-23"
}
],
"source_lang": "en-US",
"title": "Microsoft Edge: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-02-18T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:04:32.526+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-0220",
"initial_release_date": "2024-01-25T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-01-25T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-01-28T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-02-18T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Gentoo aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Stable Channel \u003c 121.0.2277.83",
"product": {
"name": "Microsoft Edge Stable Channel \u003c 121.0.2277.83",
"product_id": "T032365"
}
},
{
"category": "product_version_range",
"name": "Extended Stable Channel \u003c 120.0.2210.160",
"product": {
"name": "Microsoft Edge Extended Stable Channel \u003c 120.0.2210.160",
"product_id": "T032366"
}
}
],
"category": "product_name",
"name": "Edge"
}
],
"category": "vendor",
"name": "Microsoft"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-21388",
"notes": [
{
"category": "description",
"text": "In Microsoft Edge bestehen mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer sicherheitsrelevanter Probleme, wie z. B. Use-after-free, Integer-\u00dcberlauf oder ungeeignete Implementierungen, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen, m\u00f6glicherweise Code auszuf\u00fchren, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen und Informationen falsch darzustellen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T012167",
"74185"
]
},
"release_date": "2024-01-25T23:00:00.000+00:00",
"title": "CVE-2024-21388"
},
{
"cve": "CVE-2024-21387",
"notes": [
{
"category": "description",
"text": "In Microsoft Edge bestehen mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer sicherheitsrelevanter Probleme, wie z. B. Use-after-free, Integer-\u00dcberlauf oder ungeeignete Implementierungen, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen, m\u00f6glicherweise Code auszuf\u00fchren, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen und Informationen falsch darzustellen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T012167",
"74185"
]
},
"release_date": "2024-01-25T23:00:00.000+00:00",
"title": "CVE-2024-21387"
},
{
"cve": "CVE-2024-21385",
"notes": [
{
"category": "description",
"text": "In Microsoft Edge bestehen mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer sicherheitsrelevanter Probleme, wie z. B. Use-after-free, Integer-\u00dcberlauf oder ungeeignete Implementierungen, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen, m\u00f6glicherweise Code auszuf\u00fchren, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen und Informationen falsch darzustellen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T012167",
"74185"
]
},
"release_date": "2024-01-25T23:00:00.000+00:00",
"title": "CVE-2024-21385"
},
{
"cve": "CVE-2024-21383",
"notes": [
{
"category": "description",
"text": "In Microsoft Edge bestehen mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer sicherheitsrelevanter Probleme, wie z. B. Use-after-free, Integer-\u00dcberlauf oder ungeeignete Implementierungen, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen, m\u00f6glicherweise Code auszuf\u00fchren, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen und Informationen falsch darzustellen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T012167",
"74185"
]
},
"release_date": "2024-01-25T23:00:00.000+00:00",
"title": "CVE-2024-21383"
},
{
"cve": "CVE-2024-21382",
"notes": [
{
"category": "description",
"text": "In Microsoft Edge bestehen mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer sicherheitsrelevanter Probleme, wie z. B. Use-after-free, Integer-\u00dcberlauf oder ungeeignete Implementierungen, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen, m\u00f6glicherweise Code auszuf\u00fchren, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen und Informationen falsch darzustellen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T012167",
"74185"
]
},
"release_date": "2024-01-25T23:00:00.000+00:00",
"title": "CVE-2024-21382"
},
{
"cve": "CVE-2024-21336",
"notes": [
{
"category": "description",
"text": "In Microsoft Edge bestehen mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer sicherheitsrelevanter Probleme, wie z. B. Use-after-free, Integer-\u00dcberlauf oder ungeeignete Implementierungen, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen, m\u00f6glicherweise Code auszuf\u00fchren, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen und Informationen falsch darzustellen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T012167",
"74185"
]
},
"release_date": "2024-01-25T23:00:00.000+00:00",
"title": "CVE-2024-21336"
},
{
"cve": "CVE-2024-21326",
"notes": [
{
"category": "description",
"text": "In Microsoft Edge bestehen mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer sicherheitsrelevanter Probleme, wie z. B. Use-after-free, Integer-\u00dcberlauf oder ungeeignete Implementierungen, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen, m\u00f6glicherweise Code auszuf\u00fchren, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen und Informationen falsch darzustellen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T012167",
"74185"
]
},
"release_date": "2024-01-25T23:00:00.000+00:00",
"title": "CVE-2024-21326"
},
{
"cve": "CVE-2024-0814",
"notes": [
{
"category": "description",
"text": "In Microsoft Edge bestehen mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer sicherheitsrelevanter Probleme, wie z. B. Use-after-free, Integer-\u00dcberlauf oder ungeeignete Implementierungen, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen, m\u00f6glicherweise Code auszuf\u00fchren, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen und Informationen falsch darzustellen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T012167",
"74185"
]
},
"release_date": "2024-01-25T23:00:00.000+00:00",
"title": "CVE-2024-0814"
},
{
"cve": "CVE-2024-0813",
"notes": [
{
"category": "description",
"text": "In Microsoft Edge bestehen mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer sicherheitsrelevanter Probleme, wie z. B. Use-after-free, Integer-\u00dcberlauf oder ungeeignete Implementierungen, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen, m\u00f6glicherweise Code auszuf\u00fchren, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen und Informationen falsch darzustellen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T012167",
"74185"
]
},
"release_date": "2024-01-25T23:00:00.000+00:00",
"title": "CVE-2024-0813"
},
{
"cve": "CVE-2024-0812",
"notes": [
{
"category": "description",
"text": "In Microsoft Edge bestehen mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer sicherheitsrelevanter Probleme, wie z. B. Use-after-free, Integer-\u00dcberlauf oder ungeeignete Implementierungen, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen, m\u00f6glicherweise Code auszuf\u00fchren, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen und Informationen falsch darzustellen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T012167",
"74185"
]
},
"release_date": "2024-01-25T23:00:00.000+00:00",
"title": "CVE-2024-0812"
},
{
"cve": "CVE-2024-0811",
"notes": [
{
"category": "description",
"text": "In Microsoft Edge bestehen mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer sicherheitsrelevanter Probleme, wie z. B. Use-after-free, Integer-\u00dcberlauf oder ungeeignete Implementierungen, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen, m\u00f6glicherweise Code auszuf\u00fchren, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen und Informationen falsch darzustellen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T012167",
"74185"
]
},
"release_date": "2024-01-25T23:00:00.000+00:00",
"title": "CVE-2024-0811"
},
{
"cve": "CVE-2024-0810",
"notes": [
{
"category": "description",
"text": "In Microsoft Edge bestehen mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer sicherheitsrelevanter Probleme, wie z. B. Use-after-free, Integer-\u00dcberlauf oder ungeeignete Implementierungen, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen, m\u00f6glicherweise Code auszuf\u00fchren, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen und Informationen falsch darzustellen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T012167",
"74185"
]
},
"release_date": "2024-01-25T23:00:00.000+00:00",
"title": "CVE-2024-0810"
},
{
"cve": "CVE-2024-0809",
"notes": [
{
"category": "description",
"text": "In Microsoft Edge bestehen mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer sicherheitsrelevanter Probleme, wie z. B. Use-after-free, Integer-\u00dcberlauf oder ungeeignete Implementierungen, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen, m\u00f6glicherweise Code auszuf\u00fchren, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen und Informationen falsch darzustellen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T012167",
"74185"
]
},
"release_date": "2024-01-25T23:00:00.000+00:00",
"title": "CVE-2024-0809"
},
{
"cve": "CVE-2024-0808",
"notes": [
{
"category": "description",
"text": "In Microsoft Edge bestehen mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer sicherheitsrelevanter Probleme, wie z. B. Use-after-free, Integer-\u00dcberlauf oder ungeeignete Implementierungen, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen, m\u00f6glicherweise Code auszuf\u00fchren, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen und Informationen falsch darzustellen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T012167",
"74185"
]
},
"release_date": "2024-01-25T23:00:00.000+00:00",
"title": "CVE-2024-0808"
},
{
"cve": "CVE-2024-0807",
"notes": [
{
"category": "description",
"text": "In Microsoft Edge bestehen mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer sicherheitsrelevanter Probleme, wie z. B. Use-after-free, Integer-\u00dcberlauf oder ungeeignete Implementierungen, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen, m\u00f6glicherweise Code auszuf\u00fchren, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen und Informationen falsch darzustellen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T012167",
"74185"
]
},
"release_date": "2024-01-25T23:00:00.000+00:00",
"title": "CVE-2024-0807"
},
{
"cve": "CVE-2024-0806",
"notes": [
{
"category": "description",
"text": "In Microsoft Edge bestehen mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer sicherheitsrelevanter Probleme, wie z. B. Use-after-free, Integer-\u00dcberlauf oder ungeeignete Implementierungen, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen, m\u00f6glicherweise Code auszuf\u00fchren, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen und Informationen falsch darzustellen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T012167",
"74185"
]
},
"release_date": "2024-01-25T23:00:00.000+00:00",
"title": "CVE-2024-0806"
},
{
"cve": "CVE-2024-0805",
"notes": [
{
"category": "description",
"text": "In Microsoft Edge bestehen mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer sicherheitsrelevanter Probleme, wie z. B. Use-after-free, Integer-\u00dcberlauf oder ungeeignete Implementierungen, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen, m\u00f6glicherweise Code auszuf\u00fchren, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen und Informationen falsch darzustellen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T012167",
"74185"
]
},
"release_date": "2024-01-25T23:00:00.000+00:00",
"title": "CVE-2024-0805"
},
{
"cve": "CVE-2024-0804",
"notes": [
{
"category": "description",
"text": "In Microsoft Edge bestehen mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer sicherheitsrelevanter Probleme, wie z. B. Use-after-free, Integer-\u00dcberlauf oder ungeeignete Implementierungen, um nur einige zu nennen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen, m\u00f6glicherweise Code auszuf\u00fchren, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen und Informationen falsch darzustellen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T012167",
"74185"
]
},
"release_date": "2024-01-25T23:00:00.000+00:00",
"title": "CVE-2024-0804"
}
]
}
CVE-2024-21385 (GCVE-0-2024-21385)
Vulnerability from cvelistv5 – Published: 2024-01-26 00:29 – Updated: 2025-05-29 15:17
VLAI?
EPSS
Summary
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Edge (Chromium-based) |
Affected:
1.0.0 , < 121.0.2277.83
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:20:40.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21385"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21385",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T18:45:13.939413Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T15:17:34.121Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Edge (Chromium-based)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "121.0.2277.83",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "121.0.2277.83",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-01-25T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T01:46:39.293Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21385"
}
],
"title": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-21385",
"datePublished": "2024-01-26T00:29:31.482Z",
"dateReserved": "2023-12-08T22:45:20.453Z",
"dateUpdated": "2025-05-29T15:17:34.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21387 (GCVE-0-2024-21387)
Vulnerability from cvelistv5 – Published: 2024-01-26 00:29 – Updated: 2025-05-03 01:46
VLAI?
EPSS
Summary
Microsoft Edge for Android Spoofing Vulnerability
Severity ?
CWE
- CWE-357 - Insufficient UI Warning of Dangerous Operations
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Edge (Chromium-based) |
Affected:
1.0.0 , < 121.0.2277.83
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:20:40.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Edge for Android Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21387"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21387",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-27T15:45:30.901045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T15:29:53.182Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Edge (Chromium-based)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "121.0.2277.83",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Edge (Chromium-based) Extended Stable",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "120.0.2210.160",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "121.0.2277.83",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:extended_stable:*:*:*",
"versionEndExcluding": "120.0.2210.160",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-01-25T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Edge for Android Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-357",
"description": "CWE-357: Insufficient UI Warning of Dangerous Operations",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T01:46:39.923Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge for Android Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21387"
}
],
"title": "Microsoft Edge for Android Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-21387",
"datePublished": "2024-01-26T00:29:32.072Z",
"dateReserved": "2023-12-08T22:45:20.453Z",
"dateUpdated": "2025-05-03T01:46:39.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0814 (GCVE-0-2024-0814)
Vulnerability from cvelistv5 – Published: 2024-01-23 23:53 – Updated: 2025-05-30 14:17
VLAI?
EPSS
Summary
Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Severity ?
6.5 (Medium)
CWE
- Incorrect security UI
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1463935"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-0814",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T17:35:12.788442Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T14:17:54.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "121.0.6167.85",
"status": "affected",
"version": "121.0.6167.85",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect security UI",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-26T02:06:29.541Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html"
},
{
"url": "https://crbug.com/1463935"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2024-0814",
"datePublished": "2024-01-23T23:53:00.357Z",
"dateReserved": "2024-01-23T00:47:27.090Z",
"dateUpdated": "2025-05-30T14:17:54.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0813 (GCVE-0-2024-0813)
Vulnerability from cvelistv5 – Published: 2024-01-23 23:53 – Updated: 2025-06-20 19:08
VLAI?
EPSS
Summary
Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)
Severity ?
8.8 (High)
CWE
- Use after free
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1477151"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-0813",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-24T14:32:54.846986Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T19:08:31.967Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "121.0.6167.85",
"status": "affected",
"version": "121.0.6167.85",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-26T02:06:26.190Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html"
},
{
"url": "https://crbug.com/1477151"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2024-0813",
"datePublished": "2024-01-23T23:53:00.522Z",
"dateReserved": "2024-01-23T00:47:27.001Z",
"dateUpdated": "2025-06-20T19:08:31.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0812 (GCVE-0-2024-0812)
Vulnerability from cvelistv5 – Published: 2024-01-23 23:52 – Updated: 2025-05-30 14:18
VLAI?
EPSS
Summary
Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Severity ?
8.8 (High)
CWE
- Inappropriate implementation
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1484394"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-0812",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T20:28:33.733570Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T14:18:09.219Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "121.0.6167.85",
"status": "affected",
"version": "121.0.6167.85",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-26T02:06:32.887Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html"
},
{
"url": "https://crbug.com/1484394"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2024-0812",
"datePublished": "2024-01-23T23:52:59.348Z",
"dateReserved": "2024-01-23T00:47:26.902Z",
"dateUpdated": "2025-05-30T14:18:09.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21382 (GCVE-0-2024-21382)
Vulnerability from cvelistv5 – Published: 2024-01-26 00:29 – Updated: 2025-05-29 15:17
VLAI?
EPSS
Summary
Microsoft Edge for Android Information Disclosure Vulnerability
Severity ?
CWE
- CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Edge (Chromium-based) |
Affected:
1.0.0 , < 121.0.2277.83
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:20:40.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Edge for Android Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21382"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21382",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:52:49.584059Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T15:17:41.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Edge (Chromium-based)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "121.0.2277.83",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "121.0.2277.83",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-01-25T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Edge for Android Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T01:46:38.128Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge for Android Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21382"
}
],
"title": "Microsoft Edge for Android Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-21382",
"datePublished": "2024-01-26T00:29:14.790Z",
"dateReserved": "2023-12-08T22:45:20.452Z",
"dateUpdated": "2025-05-29T15:17:41.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0804 (GCVE-0-2024-0804)
Vulnerability from cvelistv5 – Published: 2024-01-23 23:53 – Updated: 2025-05-22 17:33
VLAI?
EPSS
Summary
Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Severity ?
7.5 (High)
CWE
- Insufficient policy enforcement
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1515137"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-0804",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-14T19:35:36.742664Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T17:33:41.380Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "121.0.6167.85",
"status": "affected",
"version": "121.0.6167.85",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient policy enforcement",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-26T02:06:21.077Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html"
},
{
"url": "https://crbug.com/1515137"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2024-0804",
"datePublished": "2024-01-23T23:53:01.190Z",
"dateReserved": "2024-01-23T00:47:25.799Z",
"dateUpdated": "2025-05-22T17:33:41.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0810 (GCVE-0-2024-0810)
Vulnerability from cvelistv5 – Published: 2024-01-23 23:53 – Updated: 2025-05-22 17:31
VLAI?
EPSS
Summary
Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium)
Severity ?
4.3 (Medium)
CWE
- Insufficient policy enforcement
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1496250"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-0810",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-24T15:36:11.578520Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T17:31:09.326Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "121.0.6167.85",
"status": "affected",
"version": "121.0.6167.85",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient policy enforcement",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-26T02:06:27.880Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html"
},
{
"url": "https://crbug.com/1496250"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2024-0810",
"datePublished": "2024-01-23T23:53:00.072Z",
"dateReserved": "2024-01-23T00:47:26.651Z",
"dateUpdated": "2025-05-22T17:31:09.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21388 (GCVE-0-2024-21388)
Vulnerability from cvelistv5 – Published: 2024-01-30 17:23 – Updated: 2025-05-29 15:04
VLAI?
EPSS
Summary
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Edge (Chromium-based) |
Affected:
1.0.0 , < 121.0.2277.98
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:20:40.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21388"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21388",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:50:30.349166Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T15:04:33.561Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Edge (Chromium-based)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "121.0.2277.98",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "121.0.2277.98",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-01-30T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T01:46:40.456Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21388"
}
],
"title": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-21388",
"datePublished": "2024-01-30T17:23:24.876Z",
"dateReserved": "2023-12-08T22:45:20.453Z",
"dateUpdated": "2025-05-29T15:04:33.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0807 (GCVE-0-2024-0807)
Vulnerability from cvelistv5 – Published: 2024-01-23 23:52 – Updated: 2025-06-20 19:07
VLAI?
EPSS
Summary
Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity ?
8.8 (High)
CWE
- Use after free
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1505080"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-0807",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-06T05:00:18.791719Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T19:07:53.257Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "121.0.6167.85",
"status": "affected",
"version": "121.0.6167.85",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-26T02:06:22.737Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html"
},
{
"url": "https://crbug.com/1505080"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2024-0807",
"datePublished": "2024-01-23T23:52:59.012Z",
"dateReserved": "2024-01-23T00:47:26.314Z",
"dateUpdated": "2025-06-20T19:07:53.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0805 (GCVE-0-2024-0805)
Vulnerability from cvelistv5 – Published: 2024-01-23 23:53 – Updated: 2025-06-20 19:06
VLAI?
EPSS
Summary
Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)
Severity ?
4.3 (Medium)
CWE
- Inappropriate implementation
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1514925"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-0805",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-24T16:32:45.022633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T19:06:30.663Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "121.0.6167.85",
"status": "affected",
"version": "121.0.6167.85",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-26T02:06:24.466Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html"
},
{
"url": "https://crbug.com/1514925"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2024-0805",
"datePublished": "2024-01-23T23:53:00.938Z",
"dateReserved": "2024-01-23T00:47:26.000Z",
"dateUpdated": "2025-06-20T19:06:30.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21326 (GCVE-0-2024-21326)
Vulnerability from cvelistv5 – Published: 2024-01-26 00:29 – Updated: 2025-06-17 21:29
VLAI?
EPSS
Summary
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Severity ?
9.6 (Critical)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Edge (Chromium-based) |
Affected:
1.0.0 , < 121.0.2277.83
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:20:39.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21326"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21326",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-25T15:59:25.369722Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:29:15.216Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Edge (Chromium-based)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "121.0.2277.83",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "121.0.2277.83",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-01-25T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T01:46:37.498Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21326"
}
],
"title": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-21326",
"datePublished": "2024-01-26T00:29:14.219Z",
"dateReserved": "2023-12-08T22:45:19.368Z",
"dateUpdated": "2025-06-17T21:29:15.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0808 (GCVE-0-2024-0808)
Vulnerability from cvelistv5 – Published: 2024-01-23 23:52 – Updated: 2025-05-30 14:18
VLAI?
EPSS
Summary
Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)
Severity ?
9.8 (Critical)
CWE
- Integer underflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1504936"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-0808",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T23:34:13.232524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T14:18:00.339Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "121.0.6167.85",
"status": "affected",
"version": "121.0.6167.85",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Integer underflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-26T02:06:34.570Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html"
},
{
"url": "https://crbug.com/1504936"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2024-0808",
"datePublished": "2024-01-23T23:52:59.855Z",
"dateReserved": "2024-01-23T00:47:26.462Z",
"dateUpdated": "2025-05-30T14:18:00.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21383 (GCVE-0-2024-21383)
Vulnerability from cvelistv5 – Published: 2024-01-26 00:29 – Updated: 2025-05-03 01:46
VLAI?
EPSS
Summary
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Severity ?
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Edge (Chromium-based) |
Affected:
1.0.0 , < 121.0.2277.83
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:20:40.793Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Edge (Chromium-based) Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21383"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21383",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T18:32:09.161283Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T18:32:58.997Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Edge (Chromium-based)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "121.0.2277.83",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "121.0.2277.83",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-01-25T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T01:46:38.729Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge (Chromium-based) Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21383"
}
],
"title": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-21383",
"datePublished": "2024-01-26T00:29:30.925Z",
"dateReserved": "2023-12-08T22:45:20.453Z",
"dateUpdated": "2025-05-03T01:46:38.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21336 (GCVE-0-2024-21336)
Vulnerability from cvelistv5 – Published: 2024-01-26 17:40 – Updated: 2025-05-03 01:46
VLAI?
EPSS
Summary
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Severity ?
CWE
- CWE-357 - Insufficient UI Warning of Dangerous Operations
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Edge (Chromium-based) |
Affected:
1.0.0 , < 121.0.2277.83
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21336",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-26T19:14:42.066107Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T19:11:40.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:20:40.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Edge (Chromium-based) Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21336"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Edge (Chromium-based)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "121.0.2277.83",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "121.0.2277.83",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-01-26T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-357",
"description": "CWE-357: Insufficient UI Warning of Dangerous Operations",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T01:46:54.067Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge (Chromium-based) Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21336"
}
],
"title": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-21336",
"datePublished": "2024-01-26T17:40:28.789Z",
"dateReserved": "2023-12-08T22:45:19.371Z",
"dateUpdated": "2025-05-03T01:46:54.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0811 (GCVE-0-2024-0811)
Vulnerability from cvelistv5 – Published: 2024-01-23 23:53 – Updated: 2025-06-16 18:31
VLAI?
EPSS
Summary
Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)
Severity ?
4.3 (Medium)
CWE
- Inappropriate implementation
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1494490"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/177172/Chrome-chrome.pageCapture.saveAsMHTML-Extension-API-Blocked-Origin-Bypass.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-0811",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-16T18:31:12.486469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T18:31:56.329Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "121.0.6167.85",
"status": "affected",
"version": "121.0.6167.85",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-19T17:05:57.093Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html"
},
{
"url": "https://crbug.com/1494490"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
},
{
"url": "http://packetstormsecurity.com/files/177172/Chrome-chrome.pageCapture.saveAsMHTML-Extension-API-Blocked-Origin-Bypass.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2024-0811",
"datePublished": "2024-01-23T23:53:01.437Z",
"dateReserved": "2024-01-23T00:47:26.806Z",
"dateUpdated": "2025-06-16T18:31:56.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0809 (GCVE-0-2024-0809)
Vulnerability from cvelistv5 – Published: 2024-01-23 23:53 – Updated: 2025-05-15 14:42
VLAI?
EPSS
Summary
Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)
Severity ?
4.3 (Medium)
CWE
- Inappropriate implementation
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.807Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1497985"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-0809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T14:39:59.155427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T14:42:46.828Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "121.0.6167.85",
"status": "affected",
"version": "121.0.6167.85",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-26T02:06:17.616Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html"
},
{
"url": "https://crbug.com/1497985"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2024-0809",
"datePublished": "2024-01-23T23:53:01.615Z",
"dateReserved": "2024-01-23T00:47:26.549Z",
"dateUpdated": "2025-05-15T14:42:46.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0806 (GCVE-0-2024-0806)
Vulnerability from cvelistv5 – Published: 2024-01-23 23:53 – Updated: 2025-06-20 19:07
VLAI?
EPSS
Summary
Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)
Severity ?
8.8 (High)
CWE
- Use after free
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1505176"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-0806",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-24T14:34:59.388368Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T19:07:11.754Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "121.0.6167.85",
"status": "affected",
"version": "121.0.6167.85",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-26T02:06:31.212Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html"
},
{
"url": "https://crbug.com/1505176"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2024-0806",
"datePublished": "2024-01-23T23:53:00.766Z",
"dateReserved": "2024-01-23T00:47:26.161Z",
"dateUpdated": "2025-06-20T19:07:11.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…