CVE Vulnerabilities

CVE-2024-1672

Use of Function with Inconsistent Implementations

Published: Feb 21, 2024 | Modified: Aug 01, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

Weakness

The code uses a function that has inconsistent implementations across operating systems and versions.

Affected Software

Name Vendor Start Version End Version
Chromium-browser Ubuntu bionic *
Chromium-browser Ubuntu trusty *
Chromium-browser Ubuntu upstream *
Chromium-browser Ubuntu xenial *

Extended Description

The use of inconsistent implementations can cause changes in behavior when the code is ported or built under a different environment than the programmer expects, which can lead to security problems in some cases. The implementation of many functions varies by platform, and at times, even by different versions of the same platform. Implementation differences can include:

Potential Mitigations

References