Malicious Extension Attack on Chrome DevTools Allows Arbitrary Code Execution
CVE-2024-5836
8.8HIGH
Summary
Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High)
Affected Version(s)
Chrome < 126.0.6478.54
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
HIGH
Integrity:
HIGH
Availability:
HIGH
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Timeline
Vulnerability Reserved.
Vulnerability published.
Collectors
NVD DatabaseMitre DatabaseGoogle Feed