Remote Attack via Flawed Chrome Extension Implementation
CVE-2024-10229

8.1HIGH

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 22 October 2024

Summary

A vulnerability in Google Chrome has been identified due to an inappropriate implementation in Extensions prior to version 130.0.6723.69. This flaw enables a remote attacker to circumvent site isolation mechanisms by deploying a specially crafted Chrome Extension. The exploit can potentially expose sensitive user data and compromise overall browser security, making it crucial for users to update their browser to the latest version to mitigate this risk.

Affected Version(s)

Chrome 130.0.6723.69

References

https://chromereleases.googleblog.com/2024/10/stable-chan...

https://issues.chromium.org/issues/371011220

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 22, 2024
Vulnerability Reserved
Oct 22, 2024

Collectors

NVD DatabaseMitre DatabaseGoogle Feed