CVE-2024-52928

Опубликовано: 26 июн. 2025

Источник: nvd

CVSS3: 9.6

CVSS3: 8.3

EPSS Низкий

Описание

Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with previously granted permissions) to add new permissions when the user clicks anywhere on the website.

Ссылки

https://arc.net/security/bulletins#windows-site-settings-bypass-cve-2024-52928
Vendor Advisory
https://thebrowser.company
Product

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:thebrowser:arc:*:*:*:*:*:*:*:*

Версия до 1.26.1 (исключая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 15%

0.00049

Низкий

9.6 Critical

CVSS3

8.3 High

CVSS3

Дефекты

CWE-284

Связанные уязвимости

GHSA-xfj5-q6qf-8jjc

CVSS3: 9.6

github

8 месяцев назад

Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with previously granted permissions) to add new permissions when the user clicks anywhere on the website.

EPSS

Процентиль: 15%

0.00049

Низкий

9.6 Critical

CVSS3

8.3 High

CVSS3

Дефекты

CWE-284