Vulnerability CVE-2024-3838: Information

Description

Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium)

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2024-3838
Published: April 17, 2024
Modified: April 23, 2024

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
chromiumsisyphus124.0.6367.60-alt1124.0.6367.207-alt1ALT-PU-2024-7078-1345568Fixed
chromiumsisyphus_loongarch64124.0.6367.78-alt1.0.port124.0.6367.78-alt1.0.portALT-PU-2024-7373-1-Fixed
chromium-gostsisyphus124.0.6367.78-alt1124.0.6367.78-alt1ALT-PU-2024-7309-1347217Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html
  • Vendor Advisory
https://issues.chromium.org/issues/328278717
  • Permissions Required
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/
    https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/
      https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/

          1. Configuration 1

            cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
            End excliding
            124.0.6367.60
        VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
        Version: v24.5.1
        Back to top