CVE Vulnerabilities

CVE-2024-3173

Insufficient Verification of Data Authenticity

Published: Jul 16, 2024 | Modified: Jul 18, 2024
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Insufficient data validation in Updater in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)

Weakness

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Affected Software

Name Vendor Start Version End Version
Chrome Google * 120.0.6099.62 (excluding)

References