CVE-2024-7980

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Aug 21, 2024
Updated: Aug 22, 2024
CWE ID 20

Summary

CVE-2024-7980 is a vulnerability affecting the Installer in Google Chrome on Windows versions prior to 128.0.6613.84, allowing local attackers to exploit insufficient data validation through crafted symbolic links for privilege escalation. The associated risk includes a high impact on integrity and confidentiality, with an overall severity score of 7.3, indicating potential severe security breaches if exploited. Remediation involves updating Google Chrome to at least version 128.0.6613.84 to mitigate this vulnerability effectively. Organizations are advised to implement this update promptly as the vulnerability poses a significant threat when exploited, requiring low privileges and user interaction for successful attacks. Relevant details about this vulnerability can be found in published references from Chromium's security updates and issue tracking systems.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share