Insufficient Data Validation in Dawn for Google Chrome on Android
CVE-2024-7256

8.8HIGH

Key Information:

Vendor
Google
Status
Chrome
Vendor
CVE Published:
1 August 2024

Badges

πŸ“° News Worthy

Summary

A vulnerability exists in the Dawn component of Google Chrome on Android, where insufficient data validation could allow a remote attacker to execute arbitrary code. This vulnerability is particularly concerning as it can be exploited through a specially crafted HTML page. Users of the affected versions are advised to update to the latest version, 127.0.6533.88 or above, to mitigate this security risk. The issue exemplifies the need for robust data handling practices in web browsers to prevent unauthorized access and potential system compromise.

Affected Version(s)

Chrome 127.0.6533.88

News Articles

favicon imageLatest Hacking News - Exploits, Vulnerabilities, Tech and Tutorials

Google Chrome 127 Release Addressed Multiple Security Bugs

Google addressed one critical and two high-severity flaws with the Chrome 127 release for Desktop and Android and urged users to update.

5 months ago

favicon imageCybersecurityNews

Microsoft Edge Vulnerability Let Attackers Execute Arbitrary Code

Microsoft has released a critical security update for its Edge browser to address multiple vulnerabilities, including a severe validation flaw that could allow attackers to execute arbitrary code on affected systems.

5 months ago

References

https://chromereleases.googleblog.com/2024/07/stable-chan...
https://issues.chromium.org/issues/354748060

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • πŸ“°

    First article discovered by CybersecurityNews

  • Vulnerability published

Collectors

NVD DatabaseMitre DatabaseGoogle Feed2 News Article(s)
.