Vulnerability-Lookup

CVE-2024-3845 (GCVE-0-2024-3845)

Vulnerability from cvelistv5 – Published: 2024-04-17 07:46 – Updated: 2025-02-13 17:53

Summary

Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Inappropriate implementation

Assigner

Chrome

References

8 references

URL	Tags
https://chromereleases.googleblog.com/2024/04/sta…
https://issues.chromium.org/issues/323583084
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 124.0.6367.60 , < 124.0.6367.60 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "chrome",
            "vendor": "google",
            "versions": [
              {
                "status": "affected",
                "version": "124.0.6367.60"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-3845",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-07T17:50:32.798582Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-358",
                "description": "CWE-358 Improperly Implemented Security Check for Standard",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-1068",
                "description": "CWE-1068 Inconsistency Between Implementation and Documented Design",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:32:37.147Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:26:56.914Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://issues.chromium.org/issues/323583084"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "124.0.6367.60",
              "status": "affected",
              "version": "124.0.6367.60",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Inappropriate implementation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-03T03:09:06.293Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html"
        },
        {
          "url": "https://issues.chromium.org/issues/323583084"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2024-3845",
    "datePublished": "2024-04-17T07:46:12.166Z",
    "dateReserved": "2024-04-15T17:25:26.922Z",
    "dateUpdated": "2025-02-13T17:53:10.600Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-3845",
      "date": "2026-05-19",
      "epss": "0.0035",
      "percentile": "0.57561"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"124.0.6367.60\", \"matchCriteriaId\": \"AFB90495-B48B-4020-A2CC-51D77CABEB72\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA277A6C-83EC-4536-9125-97B84C4FAF59\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)\"}, {\"lang\": \"es\", \"value\": \"La implementaci\\u00f3n inapropiada en Redes en Google Chrome anterior a 124.0.6367.60 permiti\\u00f3 a un atacante remoto eludir la pol\\u00edtica de contenido mixto a trav\\u00e9s de una p\\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: baja)\"}]",
      "id": "CVE-2024-3845",
      "lastModified": "2024-12-19T16:16:50.080",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2024-04-17T08:15:10.673",
      "references": "[{\"url\": \"https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://issues.chromium.org/issues/323583084\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Exploit\", \"Issue Tracking\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://issues.chromium.org/issues/323583084\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}]",
      "sourceIdentifier": "chrome-cve-admin@google.com",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-358\"}, {\"lang\": \"en\", \"value\": \"CWE-1068\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-3845\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2024-04-17T08:15:10.673\",\"lastModified\":\"2024-12-19T16:16:50.080\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)\"},{\"lang\":\"es\",\"value\":\"La implementaci\u00f3n inapropiada en Redes en Google Chrome anterior a 124.0.6367.60 permiti\u00f3 a un atacante remoto eludir la pol\u00edtica de contenido mixto a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: baja)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-358\"},{\"lang\":\"en\",\"value\":\"CWE-1068\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"124.0.6367.60\",\"matchCriteriaId\":\"AFB90495-B48B-4020-A2CC-51D77CABEB72\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA277A6C-83EC-4536-9125-97B84C4FAF59\"}]}]}],\"references\":[{\"url\":\"https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://issues.chromium.org/issues/323583084\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://issues.chromium.org/issues/323583084\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://issues.chromium.org/issues/323583084\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T20:26:56.914Z\"}}, {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-3845\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-07T17:50:32.798582Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\"], \"vendor\": \"google\", \"product\": \"chrome\", \"versions\": [{\"status\": \"affected\", \"version\": \"124.0.6367.60\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-358\", \"description\": \"CWE-358 Improperly Implemented Security Check for Standard\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1068\", \"description\": \"CWE-1068 Inconsistency Between Implementation and Documented Design\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-07T17:52:16.287Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"affected\": [{\"vendor\": \"Google\", \"product\": \"Chrome\", \"versions\": [{\"status\": \"affected\", \"version\": \"124.0.6367.60\", \"lessThan\": \"124.0.6367.60\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html\"}, {\"url\": \"https://issues.chromium.org/issues/323583084\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Inappropriate implementation\"}]}], \"providerMetadata\": {\"orgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"shortName\": \"Chrome\", \"dateUpdated\": \"2024-05-03T03:09:06.293Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-3845\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T17:53:10.600Z\", \"dateReserved\": \"2024-04-15T17:25:26.922Z\", \"assignerOrgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"datePublished\": \"2024-04-17T07:46:12.166Z\", \"assignerShortName\": \"Chrome\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2024-AVI-0313

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Google	Chrome	Google Chrome Extended Stable versions antérieures à 124.0.6367.60/.61 pour Windows et Mac
Google	Chrome	Google Chrome versions antérieures à 124.0.6367.60/.61 pour Windows et Mac
Google	Chrome	Google Chrome versions antérieures à 124.0.6367.60 pour Linux

References

Title

Publication Time

Tags

Bulletin de sécurité Google Chrome du 16 avril 2024

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Google Chrome Extended Stable versions ant\u00e9rieures \u00e0 124.0.6367.60/.61 pour Windows et Mac",
      "product": {
        "name": "Chrome",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    },
    {
      "description": "Google Chrome versions ant\u00e9rieures \u00e0 124.0.6367.60/.61 pour Windows et Mac",
      "product": {
        "name": "Chrome",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    },
    {
      "description": "Google Chrome versions ant\u00e9rieures \u00e0 124.0.6367.60 pour Linux",
      "product": {
        "name": "Chrome",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-3832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3832"
    },
    {
      "name": "CVE-2024-3843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3843"
    },
    {
      "name": "CVE-2024-3833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3833"
    },
    {
      "name": "CVE-2024-3838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3838"
    },
    {
      "name": "CVE-2024-3840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3840"
    },
    {
      "name": "CVE-2024-3847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3847"
    },
    {
      "name": "CVE-2024-3914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3914"
    },
    {
      "name": "CVE-2024-3841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3841"
    },
    {
      "name": "CVE-2024-3844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3844"
    },
    {
      "name": "CVE-2024-3839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3839"
    },
    {
      "name": "CVE-2024-3837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3837"
    },
    {
      "name": "CVE-2024-3846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3846"
    },
    {
      "name": "CVE-2024-3845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3845"
    },
    {
      "name": "CVE-2024-3834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3834"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0313",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-04-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eGoogle Chrome\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Google Chrome du 16 avril 2024",
      "url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html"
    }
  ]
}

CERTFR-2024-AVI-0327

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Edge	Microsoft Edge (Chromium-based) versions antérieures à 124.0.2478.51

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft Edge du 18 avril 2024	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-3845 du 18 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-3846 du 18 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-3841 du 18 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-3844 du 18 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-29987 du 18 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-3833 du 18 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-3838 du 18 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-3843 du 18 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-3840 du 18 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-3832 du 18 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-3837 du 18 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-3839 du 18 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-3914 du 18 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-3834 du 18 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-3847 du 18 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-29986 du 18 avril 2024	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge (Chromium-based) versions ant\u00e9rieures \u00e0 124.0.2478.51",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-3832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3832"
    },
    {
      "name": "CVE-2024-3843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3843"
    },
    {
      "name": "CVE-2024-3833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3833"
    },
    {
      "name": "CVE-2024-3838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3838"
    },
    {
      "name": "CVE-2024-3840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3840"
    },
    {
      "name": "CVE-2024-3847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3847"
    },
    {
      "name": "CVE-2024-3914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3914"
    },
    {
      "name": "CVE-2024-3841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3841"
    },
    {
      "name": "CVE-2024-29987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29987"
    },
    {
      "name": "CVE-2024-29986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29986"
    },
    {
      "name": "CVE-2024-3844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3844"
    },
    {
      "name": "CVE-2024-3839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3839"
    },
    {
      "name": "CVE-2024-3837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3837"
    },
    {
      "name": "CVE-2024-3846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3846"
    },
    {
      "name": "CVE-2024-3845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3845"
    },
    {
      "name": "CVE-2024-3834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3834"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-3845 du 18 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3845"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-3846 du 18 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3846"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-3841 du 18 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3841"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-3844 du 18 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3844"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29987 du 18 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29987"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-3833 du 18 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3833"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-3838 du 18 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3838"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-3843 du 18 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3843"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-3840 du 18 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3840"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-3832 du 18 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3832"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-3837 du 18 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3837"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-3839 du 18 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3839"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-3914 du 18 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3914"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-3834 du 18 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3834"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-3847 du 18 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3847"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29986 du 18 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29986"
    }
  ],
  "reference": "CERTFR-2024-AVI-0327",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-04-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Edge\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge du 18 avril 2024",
      "url": null
    }
  ]
}

CERTFR-2024-AVI-0313

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Google	Chrome	Google Chrome Extended Stable versions antérieures à 124.0.6367.60/.61 pour Windows et Mac
Google	Chrome	Google Chrome versions antérieures à 124.0.6367.60/.61 pour Windows et Mac
Google	Chrome	Google Chrome versions antérieures à 124.0.6367.60 pour Linux

References

Title

Publication Time

Tags

Bulletin de sécurité Google Chrome du 16 avril 2024

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Google Chrome Extended Stable versions ant\u00e9rieures \u00e0 124.0.6367.60/.61 pour Windows et Mac",
      "product": {
        "name": "Chrome",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    },
    {
      "description": "Google Chrome versions ant\u00e9rieures \u00e0 124.0.6367.60/.61 pour Windows et Mac",
      "product": {
        "name": "Chrome",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    },
    {
      "description": "Google Chrome versions ant\u00e9rieures \u00e0 124.0.6367.60 pour Linux",
      "product": {
        "name": "Chrome",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-3832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3832"
    },
    {
      "name": "CVE-2024-3843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3843"
    },
    {
      "name": "CVE-2024-3833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3833"
    },
    {
      "name": "CVE-2024-3838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3838"
    },
    {
      "name": "CVE-2024-3840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3840"
    },
    {
      "name": "CVE-2024-3847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3847"
    },
    {
      "name": "CVE-2024-3914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3914"
    },
    {
      "name": "CVE-2024-3841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3841"
    },
    {
      "name": "CVE-2024-3844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3844"
    },
    {
      "name": "CVE-2024-3839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3839"
    },
    {
      "name": "CVE-2024-3837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3837"
    },
    {
      "name": "CVE-2024-3846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3846"
    },
    {
      "name": "CVE-2024-3845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3845"
    },
    {
      "name": "CVE-2024-3834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3834"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0313",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-04-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eGoogle Chrome\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Google Chrome du 16 avril 2024",
      "url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html"
    }
  ]
}

CERTFR-2024-AVI-0327

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Edge	Microsoft Edge (Chromium-based) versions antérieures à 124.0.2478.51

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft Edge du 18 avril 2024	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-3845 du 18 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-3846 du 18 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-3841 du 18 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-3844 du 18 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-29987 du 18 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-3833 du 18 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-3838 du 18 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-3843 du 18 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-3840 du 18 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-3832 du 18 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-3837 du 18 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-3839 du 18 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-3914 du 18 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-3834 du 18 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-3847 du 18 avril 2024	-	other
Bulletin de sécurité Microsoft CVE-2024-29986 du 18 avril 2024	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge (Chromium-based) versions ant\u00e9rieures \u00e0 124.0.2478.51",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-3832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3832"
    },
    {
      "name": "CVE-2024-3843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3843"
    },
    {
      "name": "CVE-2024-3833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3833"
    },
    {
      "name": "CVE-2024-3838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3838"
    },
    {
      "name": "CVE-2024-3840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3840"
    },
    {
      "name": "CVE-2024-3847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3847"
    },
    {
      "name": "CVE-2024-3914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3914"
    },
    {
      "name": "CVE-2024-3841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3841"
    },
    {
      "name": "CVE-2024-29987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29987"
    },
    {
      "name": "CVE-2024-29986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29986"
    },
    {
      "name": "CVE-2024-3844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3844"
    },
    {
      "name": "CVE-2024-3839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3839"
    },
    {
      "name": "CVE-2024-3837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3837"
    },
    {
      "name": "CVE-2024-3846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3846"
    },
    {
      "name": "CVE-2024-3845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3845"
    },
    {
      "name": "CVE-2024-3834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3834"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-3845 du 18 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3845"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-3846 du 18 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3846"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-3841 du 18 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3841"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-3844 du 18 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3844"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29987 du 18 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29987"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-3833 du 18 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3833"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-3838 du 18 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3838"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-3843 du 18 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3843"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-3840 du 18 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3840"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-3832 du 18 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3832"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-3837 du 18 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3837"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-3839 du 18 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3839"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-3914 du 18 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3914"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-3834 du 18 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3834"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-3847 du 18 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3847"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29986 du 18 avril 2024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29986"
    }
  ],
  "reference": "CERTFR-2024-AVI-0327",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-04-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Edge\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge du 18 avril 2024",
      "url": null
    }
  ]
}

BDU:2024-03276

Vulnerability from fstec - Published: 16.04.2024

Title

Уязвимость компонента Networks браузеров Microsoft Edge и Google Chrome , позволяющая нарушителю получить доступ к конфиденциальной информации

Description

Уязвимость компонента Networks браузеров Microsoft Edge и Google Chrome связана с неправильным ограничением отображаемых слоев или фреймов пользовательского интерфейса. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, получить доступ к конфиденциальной информации

Severity ?


                    
                      AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Vendor

ООО «РусБИТех-Астра», Сообщество свободного программного обеспечения, ООО «Ред Софт», Fedora Project, Microsoft Corp, Google Inc, АО "НППКТ"

Software Name

Astra Linux Special Edition (запись в едином реестре российских программ №369), Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), Fedora, Microsoft Edge, Google Chrome, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)

Software Version

1.6 «Смоленск» (Astra Linux Special Edition), 10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 38 (Fedora), 39 (Fedora), до 124.0.2478.51 (Microsoft Edge), до 124.0.6367.60 (Google Chrome), до 2.11 (ОСОН ОСнова Оnyx), до 2.13 (ОСОН ОСнова Оnyx)

Possible Mitigations

Использование рекомендаций: Для Microsoft Edge: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3845 Для Google Chrome: https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2024-3845 Для Fedora: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/ Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Для ОСОН ОСнова Оnyx (2.11): Обновление программного обеспечения chromium до версии 126.0.6478.126+repack-1~deb12u1.osnova1 Для ОС Astra Linux: обновить пакет chromium до 1:126.0.6478.126-0astragost0+ci202407031048+astra8 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17 Для Astra Linux Special Edition 1.6 «Смоленск»:: обновить пакет chromium до 1:126.0.6478.182-0astragost0+ci202407301048+astra6 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16 Для Astra Linux Special Edition 4.7 для архитектуры ARM: обновить пакет chromium до 1:129.0.6668.100-0astragost0+ci202410111611+astra8+ci2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47 Обновление программного обеспечения yandex-browser-certified до версии 24.6.4.697-1osnova2u1

Reference

https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html https://issues.chromium.org/issues/331383939 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/ https://security-tracker.debian.org/tracker/CVE-2024-3845 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3845 https://www.cybersecurity-help.cz/vdb/SB20240417109 http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.11/ https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47 https://issues.chromium.org/issues/323583084 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.13/

CWE

CWE-358

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
  "CVSS 3.0": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "TO1199, TO1204, TO1233, TO1234, TO1235, TO1236",
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": "TO1199 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Google Chrome, TO1204 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Microsoft Edge 124.0.2478.51 (Stable), TO1233 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Google Chrome, TO1234 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Google Chrome, TO1235 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Google Chrome, TO1236 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Google Chrome",
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Fedora Project, Microsoft Corp, Google Inc, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 38 (Fedora), 39 (Fedora), \u0434\u043e 124.0.2478.51 (Microsoft Edge), \u0434\u043e 124.0.6367.60 (Google Chrome), \u0434\u043e 2.11 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 2.13 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Microsoft Edge:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3845\n\n\u0414\u043b\u044f Google Chrome:\nhttps://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2024-3845\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/\t\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (2.11):\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f chromium \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 126.0.6478.126+repack-1~deb12u1.osnova1\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 chromium \u0434\u043e 1:126.0.6478.126-0astragost0+ci202407031048+astra8 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\n\n\u0414\u043b\u044f Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb::\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 chromium \u0434\u043e 1:126.0.6478.182-0astragost0+ci202407301048+astra6 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7 \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 chromium \u0434\u043e 1:129.0.6668.100-0astragost0+ci202410111611+astra8+ci2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f yandex-browser-certified \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 24.6.4.697-1osnova2u1",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "16.04.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "09.06.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "26.04.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-03276",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-3845",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Fedora, Microsoft Edge, Google Chrome, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux - , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Microsoft Corp Windows - , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Apple Inc. MacOS - , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Fedora Project Fedora 38 , Fedora Project Fedora 39 , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.11  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.13  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Networks \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Microsoft Edge \u0438 Google Chrome , \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432 (CWE-358)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Networks \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Microsoft Edge \u0438 Google Chrome \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435\u043c \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0430\u0435\u043c\u044b\u0445 \u0441\u043b\u043e\u0435\u0432 \u0438\u043b\u0438 \u0444\u0440\u0435\u0439\u043c\u043e\u0432 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0417\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u043e\u043c",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html\t\nhttps://issues.chromium.org/issues/331383939\t\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/\t\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/\t\nhttps://security-tracker.debian.org/tracker/CVE-2024-3845\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3845\nhttps://www.cybersecurity-help.cz/vdb/SB20240417109\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.11/\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20241017SE16\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\nhttps://issues.chromium.org/issues/323583084\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.13/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-358",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5)\n\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 3,1)"
}

CNVD-2024-29279

Vulnerability from cnvd - Published: 2024-06-26

Title

Google Chrome安全绕过漏洞（CNVD-2024-29279）

Description

Google Chrome是美国谷歌（Google）公司的一款Web浏览器。 Google Chrome存在安全绕过漏洞，攻击者可利用该漏洞通过精心制作的HTML页面绕过混合内容策略。

Severity

高

Patch Name

Google Chrome安全绕过漏洞（CNVD-2024-29279）的补丁

Patch Description

Google Chrome是美国谷歌（Google）公司的一款Web浏览器。 Google Chrome存在安全绕过漏洞，攻击者可利用该漏洞通过精心制作的HTML页面绕过混合内容策略。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html

Reference

https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html

Impacted products

Name
Google Chrome <124.0.6367.60

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-3845",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-3845"
    }
  },
  "description": "Google Chrome\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002\n\nGoogle Chrome\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7cbe\u5fc3\u5236\u4f5c\u7684HTML\u9875\u9762\u7ed5\u8fc7\u6df7\u5408\u5185\u5bb9\u7b56\u7565\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-29279",
  "openTime": "2024-06-26",
  "patchDescription": "Google Chrome\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002\r\n\r\nGoogle Chrome\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7cbe\u5fc3\u5236\u4f5c\u7684HTML\u9875\u9762\u7ed5\u8fc7\u6df7\u5408\u5185\u5bb9\u7b56\u7565\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google Chrome\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2024-29279\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Google Chrome \u003c124.0.6367.60"
  },
  "referenceLink": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html",
  "serverity": "\u9ad8",
  "submitTime": "2024-04-18",
  "title": "Google Chrome\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2024-29279\uff09"
}

FKIE_CVE-2024-3845

Vulnerability from fkie_nvd - Published: 2024-04-17 08:15 - Updated: 2024-12-19 16:16

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)

References

URL	Tags
chrome-cve-admin@google.com	https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html	Release Notes
chrome-cve-admin@google.com	https://issues.chromium.org/issues/323583084	Exploit, Issue Tracking
chrome-cve-admin@google.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/	Mailing List
chrome-cve-admin@google.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/	Mailing List
chrome-cve-admin@google.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/	Mailing List
chrome-cve-admin@google.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/	Mailing List
chrome-cve-admin@google.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/	Mailing List
chrome-cve-admin@google.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html	Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://issues.chromium.org/issues/323583084	Exploit, Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/	Mailing List

Impacted products

Vendor	Product	Version
google	chrome	*
fedoraproject	fedora	38
fedoraproject	fedora	39
fedoraproject	fedora	40

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFB90495-B48B-4020-A2CC-51D77CABEB72",
              "versionEndExcluding": "124.0.6367.60",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)"
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n inapropiada en Redes en Google Chrome anterior a 124.0.6367.60 permiti\u00f3 a un atacante remoto eludir la pol\u00edtica de contenido mixto a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: baja)"
    }
  ],
  "id": "CVE-2024-3845",
  "lastModified": "2024-12-19T16:16:50.080",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-04-17T08:15:10.673",
  "references": [
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://issues.chromium.org/issues/323583084"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://issues.chromium.org/issues/323583084"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/"
    }
  ],
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-358"
        },
        {
          "lang": "en",
          "value": "CWE-1068"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GHSA-C47Q-H9W3-RCWG

Vulnerability from github – Published: 2024-04-17 09:30 – Updated: 2024-07-03 18:34

Details

Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-3845"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1068",
      "CWE-358"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-17T08:15:10Z",
    "severity": "CRITICAL"
  },
  "details": "Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)",
  "id": "GHSA-c47q-h9w3-rcwg",
  "modified": "2024-07-03T18:34:44Z",
  "published": "2024-04-17T09:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3845"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/323583084"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2024-3845

Vulnerability from gsd - Updated: 2024-04-16 05:01

Details

Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)

Aliases

CVE-2024-3845

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-3845"
      ],
      "details": "Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)",
      "id": "GSD-2024-3845",
      "modified": "2024-04-16T05:01:59.617758Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "chrome-cve-admin@google.com",
        "ID": "CVE-2024-3845",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Chrome",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "124.0.6367.60",
                          "version_value": "124.0.6367.60"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Google"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Inappropriate implementation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html",
            "refsource": "MISC",
            "url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html"
          },
          {
            "name": "https://issues.chromium.org/issues/323583084",
            "refsource": "MISC",
            "url": "https://issues.chromium.org/issues/323583084"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)"
          },
          {
            "lang": "es",
            "value": "La implementaci\u00f3n inapropiada en Redes en Google Chrome anterior a 124.0.6367.60 permiti\u00f3 a un atacante remoto eludir la pol\u00edtica de contenido mixto a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: baja)"
          }
        ],
        "id": "CVE-2024-3845",
        "lastModified": "2024-04-28T04:15:15.770",
        "metrics": {},
        "published": "2024-04-17T08:15:10.673",
        "references": [
          {
            "source": "chrome-cve-admin@google.com",
            "url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html"
          },
          {
            "source": "chrome-cve-admin@google.com",
            "url": "https://issues.chromium.org/issues/323583084"
          },
          {
            "source": "chrome-cve-admin@google.com",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/"
          },
          {
            "source": "chrome-cve-admin@google.com",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/"
          },
          {
            "source": "chrome-cve-admin@google.com",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/"
          },
          {
            "source": "chrome-cve-admin@google.com",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/"
          },
          {
            "source": "chrome-cve-admin@google.com",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/"
          }
        ],
        "sourceIdentifier": "chrome-cve-admin@google.com",
        "vulnStatus": "Awaiting Analysis"
      }
    }
  }
}

OPENSUSE-SU-2024:0128-1

Vulnerability from csaf_opensuse - Published: 2024-05-16 11:13 - Updated: 2024-05-16 11:13

Summary

Security update for opera

Severity

Important

Notes

Title of the patch: Security update for opera

Description of the patch: This update for opera fixes the following issues: - Update to 110.0.5130.23 * CHR-9706 Update Chromium on desktop-stable-124-5130 to 124.0.6367.62 * DNA-116450 Promote 110 to stable - Complete Opera 110 changelog at: https://blogs.opera.com/desktop/changelog-for-110/ - The update to chromium 124.0.6367.62 fixes following issues: CVE-2024-3832, CVE-2024-3833, CVE-2024-3914, CVE-2024-3834, CVE-2024-3837, CVE-2024-3838, CVE-2024-3839, CVE-2024-3840, CVE-2024-3841, CVE-2024-3843, CVE-2024-3844, CVE-2024-3845, CVE-2024-3846, CVE-2024-3847 - Update to 109.0.5097.80 * DNA-115738 Crash at extensions::ExtensionRegistry:: GetExtensionById(std::__Cr::basic_string const&, int) * DNA-115797 [Flow] Never ending loading while connecting to flow * DNA-116315 Chat GPT in Sidebar Panel doesn’t work - Update to 109.0.5097.59 * CHR-9416 Updating Chromium on desktop-stable-* branches * DNA-115810 Enable #drag-multiple-tabs on all streams - Update to 109.0.5097.45 * CHR-9416 Updating Chromium on desktop-stable-* branches * DNA-114737 [Search box] It's getting blurred when click on it, also lower corners are not rounded sometimes * DNA-115042 '+' button is not responsive when 30+ tabs opened * DNA-115326 Wrong fonts and padding after intake * DNA-115392 [Badges] Text displayed in red * DNA-115501 'Review your payment' native popup has wrong colors * DNA-115809 Enable #show-duplicate-indicator-on-link on all streams

Patchnames: openSUSE-2024-128

CVE-2024-3832

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64		—	Vendor Fix

Threats

Impact critical

CVE-2024-3833

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64		—	Vendor Fix

Threats

Impact critical

CVE-2024-3834

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64		—	Vendor Fix

Threats

Impact critical

CVE-2024-3837

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64		—	Vendor Fix

Threats

Impact critical

CVE-2024-3838

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64		—	Vendor Fix

Threats

Impact critical

CVE-2024-3839

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64		—	Vendor Fix

Threats

Impact critical

CVE-2024-3840

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64		—	Vendor Fix

Threats

Impact critical

CVE-2024-3841

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64		—	Vendor Fix

Threats

Impact critical

CVE-2024-3843

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64		—	Vendor Fix

Threats

Impact critical

CVE-2024-3844

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64		—	Vendor Fix

Threats

Impact critical

CVE-2024-3845

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64		—	Vendor Fix

Threats

Impact critical

CVE-2024-3846

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64		—	Vendor Fix

Threats

Impact critical

CVE-2024-3847

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64		—	Vendor Fix

Threats

Impact critical

CVE-2024-3914

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64		—	Vendor Fix

Threats

Impact critical

References

46 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://www.suse.com/security/cve/CVE-2024-3832/	self
https://www.suse.com/security/cve/CVE-2024-3833/	self
https://www.suse.com/security/cve/CVE-2024-3834/	self
https://www.suse.com/security/cve/CVE-2024-3837/	self
https://www.suse.com/security/cve/CVE-2024-3838/	self
https://www.suse.com/security/cve/CVE-2024-3839/	self
https://www.suse.com/security/cve/CVE-2024-3840/	self
https://www.suse.com/security/cve/CVE-2024-3841/	self
https://www.suse.com/security/cve/CVE-2024-3843/	self
https://www.suse.com/security/cve/CVE-2024-3844/	self
https://www.suse.com/security/cve/CVE-2024-3845/	self
https://www.suse.com/security/cve/CVE-2024-3846/	self
https://www.suse.com/security/cve/CVE-2024-3847/	self
https://www.suse.com/security/cve/CVE-2024-3914/	self
https://www.suse.com/security/cve/CVE-2024-3832	external
https://bugzilla.suse.com/1222958	external
https://www.suse.com/security/cve/CVE-2024-3833	external
https://bugzilla.suse.com/1222958	external
https://www.suse.com/security/cve/CVE-2024-3834	external
https://bugzilla.suse.com/1222958	external
https://www.suse.com/security/cve/CVE-2024-3837	external
https://bugzilla.suse.com/1222958	external
https://www.suse.com/security/cve/CVE-2024-3838	external
https://bugzilla.suse.com/1222958	external
https://www.suse.com/security/cve/CVE-2024-3839	external
https://bugzilla.suse.com/1222958	external
https://www.suse.com/security/cve/CVE-2024-3840	external
https://bugzilla.suse.com/1222958	external
https://www.suse.com/security/cve/CVE-2024-3841	external
https://bugzilla.suse.com/1222958	external
https://www.suse.com/security/cve/CVE-2024-3843	external
https://bugzilla.suse.com/1222958	external
https://www.suse.com/security/cve/CVE-2024-3844	external
https://bugzilla.suse.com/1222958	external
https://www.suse.com/security/cve/CVE-2024-3845	external
https://bugzilla.suse.com/1222958	external
https://www.suse.com/security/cve/CVE-2024-3846	external
https://bugzilla.suse.com/1222958	external
https://www.suse.com/security/cve/CVE-2024-3847	external
https://bugzilla.suse.com/1222958	external
https://www.suse.com/security/cve/CVE-2024-3914	external
https://bugzilla.suse.com/1222958	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for opera",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for opera fixes the following issues:\n\n- Update to 110.0.5130.23\n\n  * CHR-9706 Update Chromium on desktop-stable-124-5130 to\n    124.0.6367.62\n  * DNA-116450 Promote 110 to stable\n\n- Complete Opera 110 changelog at:\n  https://blogs.opera.com/desktop/changelog-for-110/\n\n- The update to chromium 124.0.6367.62 fixes following issues: \n\n  CVE-2024-3832, CVE-2024-3833, CVE-2024-3914, CVE-2024-3834,\n  CVE-2024-3837, CVE-2024-3838, CVE-2024-3839, CVE-2024-3840,\n  CVE-2024-3841, CVE-2024-3843, CVE-2024-3844, CVE-2024-3845,\n  CVE-2024-3846, CVE-2024-3847\n\n- Update to 109.0.5097.80\n\n  * DNA-115738 Crash at extensions::ExtensionRegistry::\n    GetExtensionById(std::__Cr::basic_string const\u0026, int)\n  * DNA-115797 [Flow] Never ending loading while connecting to flow\n  * DNA-116315 Chat GPT in Sidebar Panel doesn\u2019t work\n\n- Update to 109.0.5097.59\n\n  * CHR-9416 Updating Chromium on desktop-stable-* branches\n  * DNA-115810 Enable #drag-multiple-tabs on all streams\n\n- Update to 109.0.5097.45\n\n  * CHR-9416 Updating Chromium on desktop-stable-* branches\n  * DNA-114737 [Search box] It\u0027s getting blurred when click\n    on it, also lower corners are not rounded sometimes\n  * DNA-115042 \u0027+\u0027 button is not responsive when 30+ tabs opened\n  * DNA-115326 Wrong fonts and padding after intake\n  * DNA-115392 [Badges] Text displayed in red\n  * DNA-115501 \u0027Review your payment\u0027 native popup has wrong colors\n  * DNA-115809 Enable #show-duplicate-indicator-on-link on\n    all streams\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2024-128",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_0128-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2024:0128-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QVLMJIQMVDQI2D33EDKB65KEXN6OMIRX/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2024:0128-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QVLMJIQMVDQI2D33EDKB65KEXN6OMIRX/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3832 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3832/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3833 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3833/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3834 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3834/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3837 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3837/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3838 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3838/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3839 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3839/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3840 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3840/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3841 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3841/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3843 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3843/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3844 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3844/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3845 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3845/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3846 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3846/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3847 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3847/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-3914 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-3914/"
      }
    ],
    "title": "Security update for opera",
    "tracking": {
      "current_release_date": "2024-05-16T11:13:38Z",
      "generator": {
        "date": "2024-05-16T11:13:38Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:0128-1",
      "initial_release_date": "2024-05-16T11:13:38Z",
      "revision_history": [
        {
          "date": "2024-05-16T11:13:38Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "opera-110.0.5130.23-lp155.3.45.1.x86_64",
                "product": {
                  "name": "opera-110.0.5130.23-lp155.3.45.1.x86_64",
                  "product_id": "opera-110.0.5130.23-lp155.3.45.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.5 NonFree",
                "product": {
                  "name": "openSUSE Leap 15.5 NonFree",
                  "product_id": "openSUSE Leap 15.5 NonFree"
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "opera-110.0.5130.23-lp155.3.45.1.x86_64 as component of openSUSE Leap 15.5 NonFree",
          "product_id": "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
        },
        "product_reference": "opera-110.0.5130.23-lp155.3.45.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5 NonFree"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-3832",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3832"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3832",
          "url": "https://www.suse.com/security/cve/CVE-2024-3832"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222958 for CVE-2024-3832",
          "url": "https://bugzilla.suse.com/1222958"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-05-16T11:13:38Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2024-3832"
    },
    {
      "cve": "CVE-2024-3833",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3833"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3833",
          "url": "https://www.suse.com/security/cve/CVE-2024-3833"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222958 for CVE-2024-3833",
          "url": "https://bugzilla.suse.com/1222958"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-05-16T11:13:38Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2024-3833"
    },
    {
      "cve": "CVE-2024-3834",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3834"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3834",
          "url": "https://www.suse.com/security/cve/CVE-2024-3834"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222958 for CVE-2024-3834",
          "url": "https://bugzilla.suse.com/1222958"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-05-16T11:13:38Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2024-3834"
    },
    {
      "cve": "CVE-2024-3837",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3837"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use after free in QUIC in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3837",
          "url": "https://www.suse.com/security/cve/CVE-2024-3837"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222958 for CVE-2024-3837",
          "url": "https://bugzilla.suse.com/1222958"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-05-16T11:13:38Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2024-3837"
    },
    {
      "cve": "CVE-2024-3838",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3838"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3838",
          "url": "https://www.suse.com/security/cve/CVE-2024-3838"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222958 for CVE-2024-3838",
          "url": "https://bugzilla.suse.com/1222958"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-05-16T11:13:38Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2024-3838"
    },
    {
      "cve": "CVE-2024-3839",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3839"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3839",
          "url": "https://www.suse.com/security/cve/CVE-2024-3839"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222958 for CVE-2024-3839",
          "url": "https://bugzilla.suse.com/1222958"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-05-16T11:13:38Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2024-3839"
    },
    {
      "cve": "CVE-2024-3840",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3840"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3840",
          "url": "https://www.suse.com/security/cve/CVE-2024-3840"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222958 for CVE-2024-3840",
          "url": "https://bugzilla.suse.com/1222958"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-05-16T11:13:38Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2024-3840"
    },
    {
      "cve": "CVE-2024-3841",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3841"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. (Chromium security severity: Medium)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3841",
          "url": "https://www.suse.com/security/cve/CVE-2024-3841"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222958 for CVE-2024-3841",
          "url": "https://bugzilla.suse.com/1222958"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-05-16T11:13:38Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2024-3841"
    },
    {
      "cve": "CVE-2024-3843",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3843"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3843",
          "url": "https://www.suse.com/security/cve/CVE-2024-3843"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222958 for CVE-2024-3843",
          "url": "https://bugzilla.suse.com/1222958"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-05-16T11:13:38Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2024-3843"
    },
    {
      "cve": "CVE-2024-3844",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3844"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3844",
          "url": "https://www.suse.com/security/cve/CVE-2024-3844"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222958 for CVE-2024-3844",
          "url": "https://bugzilla.suse.com/1222958"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-05-16T11:13:38Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2024-3844"
    },
    {
      "cve": "CVE-2024-3845",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3845"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3845",
          "url": "https://www.suse.com/security/cve/CVE-2024-3845"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222958 for CVE-2024-3845",
          "url": "https://bugzilla.suse.com/1222958"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-05-16T11:13:38Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2024-3845"
    },
    {
      "cve": "CVE-2024-3846",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3846"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3846",
          "url": "https://www.suse.com/security/cve/CVE-2024-3846"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222958 for CVE-2024-3846",
          "url": "https://bugzilla.suse.com/1222958"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-05-16T11:13:38Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2024-3846"
    },
    {
      "cve": "CVE-2024-3847",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3847"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3847",
          "url": "https://www.suse.com/security/cve/CVE-2024-3847"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222958 for CVE-2024-3847",
          "url": "https://bugzilla.suse.com/1222958"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-05-16T11:13:38Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2024-3847"
    },
    {
      "cve": "CVE-2024-3914",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-3914"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-3914",
          "url": "https://www.suse.com/security/cve/CVE-2024-3914"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222958 for CVE-2024-3914",
          "url": "https://bugzilla.suse.com/1222958"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.5 NonFree:opera-110.0.5130.23-lp155.3.45.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-05-16T11:13:38Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2024-3914"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-3845 (GCVE-0-2024-3845)

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature