Malicious Extension Attack on Chrome DevTools Allows Arbitrary Code Execution

CVE-2024-5836
8.8 HIGH

Key Information

Vendor
Google
Status
Chrome
Vendor
Published: 11 June 2024

Summary

Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High)

Affected Version(s)

Chrome < 126.0.6478.54

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED

Timeline

  • Vulnerability Reserved.

  • Vulnerability published.

Collectors

NVD Database, Mitre Database, Google Feed