CVE-2024-0333

Опубликовано: 11 янв. 2024

Источник: msrc

EPSS Низкий

Описание

Chromium: CVE-2024-0333 Insufficient data validation in Extensions

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

FAQ

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.

How can I see the version of the browser?

In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
Click on Help and Feedback
Click on About Microsoft Edge

What is the version information for this release?

Microsoft Edge Channel	Microsoft Edge Version	Based on Chromium Version	Date Released
Stable	120.0.2210.133	120.0.6099.216/217	1/11/2024

Возможность эксплуатации

DOS

N/A

EPSS

Процентиль: 28%

0.00097

Низкий

Связанные уязвимости

CVE-2024-0333

CVSS3: 5.3

ubuntu

больше 1 года назад

Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High)

CVE-2024-0333

CVSS3: 5.3

nvd

больше 1 года назад

CVE-2024-0333

CVSS3: 5.3

debian

больше 1 года назад

Insufficient data validation in Extensions in Google Chrome prior to 1 ...

GHSA-238j-9f3m-57fr

CVSS3: 5.3

github

больше 1 года назад

BDU:2024-00348

CVSS3: 6.3

fstec

больше 1 года назад

Уязвимость компонента Extensions (Расширения) браузера Google Chrome, позволяющая нарушителю установить вредоносное расширение и получить доступ на чтение файлов

EPSS

Процентиль: 28%

0.00097

Низкий