CVE-2024-7976

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Aug 21, 2024
Updated: Aug 22, 2024

Summary

CVE-2024-7976 is a vulnerability in Google Chrome versions prior to 128.0.6613.84, characterized by an inappropriate implementation in FedCM that permits remote attackers to conduct UI spoofing through crafted HTML pages. Affected products include a variety of Chrome-based applications and extensions, as detailed in the full list of affected products. The vulnerability has a medium severity rating, with an exploitability score of 2.8 and a base score of 4.3 on the CVSS scale, indicating low integrity impact and no confidentiality impact but requiring user interaction for exploitation. To remediate this issue, users are advised to upgrade their Chrome browser to version 128.0.6613.84 or later as soon as possible. This vulnerability poses a potential risk to organizations by enabling phishing attacks or misleading users through fraudulent interfaces, which can compromise data security and user trust.
