Описание
Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| chromium | fixed | 130.0.6723.58-1 | package | |
| chromium | end-of-life | bullseye | package | |
| firefox | not-affected | package |
Примечания
https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2024-9956
EPSS
Связанные уязвимости
Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
Chromium: CVE-2024-9956 Inappropriate implementation in Web Authentication
Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
Уязвимость компонента WebAuthentication браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю повысить свои привилегии
EPSS