Vulnerability-Lookup

CVE-2024-7968 (GCVE-0-2024-7968)

Vulnerability from cvelistv5 – Published: 2024-08-21 20:20 – Updated: 2024-08-27 13:02

Summary

Use after free in Autofill in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use after free

Assigner

Chrome

References

URL

Tags

	https://chromereleases.googleblog.com/2024/08/sta…
	https://issues.chromium.org/issues/349253666

Impacted products

	Vendor	Product	Version
	Google	Chrome	Affected: 128.0.6613.84 , < 128.0.6613.84 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "chrome",
            "vendor": "google",
            "versions": [
              {
                "lessThan": "128.0.6613.84",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-7968",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-27T03:55:25.320435Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-27T13:02:30.858Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "128.0.6613.84",
              "status": "affected",
              "version": "128.0.6613.84",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use after free in Autofill in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "Use after free",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-21T20:20:24.177Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html"
        },
        {
          "url": "https://issues.chromium.org/issues/349253666"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2024-7968",
    "datePublished": "2024-08-21T20:20:24.177Z",
    "dateReserved": "2024-08-19T19:17:20.113Z",
    "dateUpdated": "2024-08-27T13:02:30.858Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-7968\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-27T03:55:25.320435Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\"], \"vendor\": \"google\", \"product\": \"chrome\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"128.0.6613.84\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-22T19:01:07.305Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Google\", \"product\": \"Chrome\", \"versions\": [{\"status\": \"affected\", \"version\": \"128.0.6613.84\", \"lessThan\": \"128.0.6613.84\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html\"}, {\"url\": \"https://issues.chromium.org/issues/349253666\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Use after free in Autofill in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"cweId\": \"CWE-416\", \"description\": \"Use after free\"}]}], \"providerMetadata\": {\"orgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"shortName\": \"Chrome\", \"dateUpdated\": \"2024-08-21T20:20:24.177Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-7968\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-27T13:02:30.858Z\", \"dateReserved\": \"2024-08-19T19:17:20.113Z\", \"assignerOrgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"datePublished\": \"2024-08-21T20:20:24.177Z\", \"assignerShortName\": \"Chrome\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CNVD-2024-44542

Vulnerability from cnvd - Published: 2024-11-12

Title

Google Chrome释放后重用漏洞（CNVD-2024-44542）

Description

Google Chrome是美国谷歌（Google）公司的一款Web浏览器。 Google Chrome 128.0.6613.84之前版本存在释放后重用漏洞，攻击者可利用该漏洞通过精心制作的HTML页面导致堆损坏。

Severity

高

Patch Name

Google Chrome释放后重用漏洞（CNVD-2024-44542）的补丁

Patch Description

Google Chrome是美国谷歌（Google）公司的一款Web浏览器。 Google Chrome 128.0.6613.84之前版本存在释放后重用漏洞，攻击者可利用该漏洞通过精心制作的HTML页面导致堆损坏。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html

Reference

https://cxsecurity.com/cveshow/CVE-2024-7968/

Impacted products

Name
Google Chrome <128.0.6613.84

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-7968"
    }
  },
  "description": "Google Chrome\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002\n\nGoogle Chrome 128.0.6613.84\u4e4b\u524d\u7248\u672c\u5b58\u5728\u91ca\u653e\u540e\u91cd\u7528\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7cbe\u5fc3\u5236\u4f5c\u7684HTML\u9875\u9762\u5bfc\u81f4\u5806\u635f\u574f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-44542",
  "openTime": "2024-11-12",
  "patchDescription": "Google Chrome\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002\r\n\r\nGoogle Chrome 128.0.6613.84\u4e4b\u524d\u7248\u672c\u5b58\u5728\u91ca\u653e\u540e\u91cd\u7528\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7cbe\u5fc3\u5236\u4f5c\u7684HTML\u9875\u9762\u5bfc\u81f4\u5806\u635f\u574f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google Chrome\u91ca\u653e\u540e\u91cd\u7528\u6f0f\u6d1e\uff08CNVD-2024-44542\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Google Chrome \u003c128.0.6613.84"
  },
  "referenceLink": "https://cxsecurity.com/cveshow/CVE-2024-7968/",
  "serverity": "\u9ad8",
  "submitTime": "2024-08-22",
  "title": "Google Chrome\u91ca\u653e\u540e\u91cd\u7528\u6f0f\u6d1e\uff08CNVD-2024-44542\uff09"
}

CVE-2024-7968

Vulnerability from fstec - Published: 21.08.2024

Title

Уязвимость функции автозаполнения Autofill Payments браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость функции автозаполнения Autofill Payments браузеров Google Chrome и Microsoft Edge связана с возможностью использования памяти после освобождения. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код с помощью специально созданной HTML-страницы

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor

Novell Inc., Сообщество свободного программного обеспечения, ООО «Ред Софт», ООО «РусБИТех-Астра», Google Inc, Microsoft Corp, АО "НППКТ"

Software Name

OpenSUSE Leap, openSUSE Tumbleweed, Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition (запись в едином реестре российских программ №369), Astra Linux Common Edition (запись в едином реестре российских программ №4433), SUSE Package Hub, Google Chrome, Microsoft Edge, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)

Software Version

15.5 (OpenSUSE Leap), - (openSUSE Tumbleweed), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 1.6 «Смоленск» (Astra Linux Common Edition), 15 SP5 (SUSE Package Hub), 15.6 (OpenSUSE Leap), 15 SP6 (SUSE Package Hub), до 128.0.6613.84 (Google Chrome), до 128.0.2739.42 (Microsoft Edge), 1.8 (Astra Linux Special Edition), до 2.12 (ОСОН ОСнова Оnyx)

Possible Mitigations

Использование рекомендаций: Для программных продуктов Google Inc.: https://chromereleases.googleblog.com/2024 Для программных продуктов Microsoft Corp.: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7968 Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2024-7968.html Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2024-7968 Компенсирующие меры: - использование средств антивирусной защиты с функцией контроля доступа к веб-ресурсам; - контролируемый доступ в сеть Интернет – регламентация разрешенных сетевых ресурсов и соединений; - запуск веб-браузера от имени пользователя с минимальными возможными привилегиями в операционной системе; - применение систем обнаружения и предотвращения вторжений. Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Для Astra Linux Special Edition 4.7 для архитектуры ARM: обновить пакет chromium до 1:129.0.6668.100-0astragost0+ci202410111611+astra8+ci2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47 Для ОС Astra Linux: обновить пакет chromium до 1:128.0.6613.119-0astragost0+ci202409101631+astra8 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-1108SE17MD Для ОС Astra Linux: обновить пакет chromium до 1:130.0.6723.92-0astragost0+ci202411071347+astra6 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0114SE18MD Обновление программного обеспечения chromium до версии 131.0.6778.264+repack-1~deb12u1.osnova2u1 Для ОС Astra Linux: обновить пакет chromium до 1:142.0.7444.175-0astragost0+ci1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16

Reference

https://chromereleases.googleblog.com/2024 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7968 https://www.suse.com/security/cve/CVE-2024-7968.html https://security-tracker.debian.org/tracker/CVE-2024-7968 http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-1108SE17MD https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0114SE18MD https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.12/ https://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16

CWE

CWE-416

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "TO1672",
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": "TO1672 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Google Chrome",
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Novell Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Google Inc, Microsoft Corp, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "15.5 (OpenSUSE Leap), - (openSUSE Tumbleweed), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Common Edition), 15 SP5 (SUSE Package Hub), 15.6 (OpenSUSE Leap), 15 SP6 (SUSE Package Hub), \u0434\u043e 128.0.6613.84 (Google Chrome), \u0434\u043e 128.0.2739.42 (Microsoft Edge), 1.8 (Astra Linux Special Edition), \u0434\u043e 2.12 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Google Inc.:\nhttps://chromereleases.googleblog.com/2024\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Microsoft Corp.:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7968\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2024-7968.html\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2024-7968\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b \u0441 \u0444\u0443\u043d\u043a\u0446\u0438\u0435\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0432\u0435\u0431-\u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c;\n- \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u0432 \u0441\u0435\u0442\u044c \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442 \u2013 \u0440\u0435\u0433\u043b\u0430\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u044f \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 \u0438 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439;\n- \u0437\u0430\u043f\u0443\u0441\u043a \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0441 \u043c\u0438\u043d\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u043c\u0438 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u0432 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435;\n- \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439.\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7 \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 chromium \u0434\u043e 1:129.0.6668.100-0astragost0+ci202410111611+astra8+ci2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 chromium \u0434\u043e 1:128.0.6613.119-0astragost0+ci202409101631+astra8 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-1108SE17MD\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 chromium \u0434\u043e 1:130.0.6723.92-0astragost0+ci202411071347+astra6 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0114SE18MD\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f chromium \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 131.0.6778.264+repack-1~deb12u1.osnova2u1\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 chromium \u0434\u043e 1:142.0.7444.175-0astragost0+ci1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "21.08.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "20.01.2026",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "02.09.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-06585",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-7968",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "OpenSUSE Leap, openSUSE Tumbleweed, Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Astra Linux Common Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), SUSE Package Hub, Google Chrome, Microsoft Edge, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux - , Novell Inc. OpenSUSE Leap 15.5 , Microsoft Corp Windows - , Novell Inc. openSUSE Tumbleweed - , Apple Inc. MacOS - , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Common Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Novell Inc. OpenSUSE Leap 15.6 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.8  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.12  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0430\u0432\u0442\u043e\u0437\u0430\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f Autofill Payments \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Google Chrome \u0438 Microsoft Edge, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (CWE-416)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0430\u0432\u0442\u043e\u0437\u0430\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f Autofill Payments \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Google Chrome \u0438 Microsoft Edge \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c\u044e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0439 HTML-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://chromereleases.googleblog.com/2024\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7968\nhttps://www.suse.com/security/cve/CVE-2024-7968.html\nhttps://security-tracker.debian.org/tracker/CVE-2024-7968\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-1108SE17MD\nhttps://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0114SE18MD\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.12/\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-416",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}

GHSA-374F-438Q-472R

Vulnerability from github – Published: 2024-08-21 21:30 – Updated: 2024-08-22 18:31

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-7968"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-21T21:15:09Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Autofill in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-374f-438q-472r",
  "modified": "2024-08-22T18:31:20Z",
  "published": "2024-08-21T21:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7968"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/349253666"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2024-AVI-0706

Vulnerability from certfr_avis - Published: 2024-08-22 - Updated: 2024-08-22

De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Google indique que la vulnérabilité CVE-2024-7971 est activement exploitée.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Google	N/A	Google Chrome versions antérieures à 128.0.6613.84/.85 sur Windows et Mac
	Google	N/A	Google Chrome versions antérieures à 128.0.6613.84 sur Linux

References

Title

Publication Time

Tags

Bulletin de sécurité Google Chrome

2024-08-21

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Google Chrome versions ant\u00e9rieures \u00e0 128.0.6613.84/.85 sur Windows et Mac",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    },
    {
      "description": "Google Chrome versions ant\u00e9rieures \u00e0 128.0.6613.84 sur Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-7976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7976"
    },
    {
      "name": "CVE-2024-7973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7973"
    },
    {
      "name": "CVE-2024-7969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7969"
    },
    {
      "name": "CVE-2024-8035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8035"
    },
    {
      "name": "CVE-2024-7980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7980"
    },
    {
      "name": "CVE-2024-7975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7975"
    },
    {
      "name": "CVE-2024-7964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7964"
    },
    {
      "name": "CVE-2024-7968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7968"
    },
    {
      "name": "CVE-2024-7977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7977"
    },
    {
      "name": "CVE-2024-7966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7966"
    },
    {
      "name": "CVE-2024-7979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7979"
    },
    {
      "name": "CVE-2024-7974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7974"
    },
    {
      "name": "CVE-2024-7972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7972"
    },
    {
      "name": "CVE-2024-7967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7967"
    },
    {
      "name": "CVE-2024-8034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8034"
    },
    {
      "name": "CVE-2024-7981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7981"
    },
    {
      "name": "CVE-2024-8033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8033"
    },
    {
      "name": "CVE-2024-7978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7978"
    },
    {
      "name": "CVE-2024-7971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7971"
    },
    {
      "name": "CVE-2024-7965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7965"
    }
  ],
  "initial_release_date": "2024-08-22T00:00:00",
  "last_revision_date": "2024-08-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0706",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-08-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n\nGoogle indique que la vuln\u00e9rabilit\u00e9 CVE-2024-7971 est activement exploit\u00e9e.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
  "vendor_advisories": [
    {
      "published_at": "2024-08-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Google Chrome",
      "url": "https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html"
    }
  ]
}

CERTFR-2024-AVI-0770

Vulnerability from certfr_avis - Published: 2024-09-12 - Updated: 2024-09-12

De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Palo Alto Networks	PAN-OS	PAN-OS versions 10.0.x antérieures à 10.0.12
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 5.1.x antérieures à 5.1.12
Palo Alto Networks	PAN-OS	PAN-OS versions 11.0.x antérieures à 11.0.1
Palo Alto Networks	Prisma Access	Prisma Access versions antérieures à 10.2.9 sur PAN-OS
Palo Alto Networks	PAN-OS	PAN-OS versions 9.0.x antérieures à 9.0.17
Palo Alto Networks	PAN-OS	PAN-OS versions 11.2.x antérieures à 11.2.3
Palo Alto Networks	ActiveMQ Content Pack	ActiveMQ Content Pack versions 1.1.x antérieures à 1.1.15
Palo Alto Networks	PAN-OS	PAN-OS versions 10.1.x antérieures à 10.1.11
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 6.2.x antérieures à 6.2.1
Palo Alto Networks	Cortex XDR Agent	Cortex XDR Agent toutes versions antérieures à 8.2
Palo Alto Networks	Prisma Access Browser	Prisma Access Browser versions 128.x.x.x postérieures à 128.91.2869.7 et antérieures à 128.138.2888.2
Palo Alto Networks	PAN-OS	PAN-OS versions 10.2.x antérieures à 10.2.4
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 6.0.x antérieures à 6.0.7
Palo Alto Networks	PAN-OS	PAN-OS versions 8.1.x antérieures à 8.1.25
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 5.2.x antérieures à 5.2.13
Palo Alto Networks	PAN-OS	PAN-OS versions 9.1.x antérieures à 9.1.17
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 6.1.x antérieures à 6.1.2

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto Networks PAN-219031 et PAN-192893	2024-09-11	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-204689 et GPC-16848	2024-09-11	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-151792 et PAN-82874	2024-09-11	vendor-advisory
Bulletin de sécurité Palo Alto Networks CPATR-20644	2024-09-11	vendor-advisory
Bulletin de sécurité Palo Alto Networks CRTX-105751	2024-09-11	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-SA-2024-0009	2024-09-11	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-263321	2024-09-11	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "PAN-OS versions 10.0.x ant\u00e9rieures \u00e0 10.0.12",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 5.1.x ant\u00e9rieures \u00e0 5.1.12",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.0.x ant\u00e9rieures \u00e0 11.0.1",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access versions ant\u00e9rieures \u00e0 10.2.9 sur PAN-OS",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 9.0.x ant\u00e9rieures \u00e0 9.0.17",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.2.x ant\u00e9rieures \u00e0 11.2.3",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "ActiveMQ Content Pack versions 1.1.x ant\u00e9rieures \u00e0 1.1.15",
      "product": {
        "name": "ActiveMQ Content Pack",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.1.x ant\u00e9rieures \u00e0 10.1.11",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.2.x ant\u00e9rieures \u00e0 6.2.1",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent toutes versions ant\u00e9rieures \u00e0 8.2",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access Browser versions 128.x.x.x post\u00e9rieures \u00e0 128.91.2869.7 et ant\u00e9rieures \u00e0 128.138.2888.2",
      "product": {
        "name": "Prisma Access Browser",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.2.x ant\u00e9rieures \u00e0 10.2.4",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.0.x ant\u00e9rieures \u00e0 6.0.7",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 8.1.x ant\u00e9rieures \u00e0 8.1.25",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 5.2.x ant\u00e9rieures \u00e0 5.2.13",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 9.1.x ant\u00e9rieures \u00e0 9.1.17",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.1.x ant\u00e9rieures \u00e0 6.1.2",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-8193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8193"
    },
    {
      "name": "CVE-2024-7976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7976"
    },
    {
      "name": "CVE-2024-7973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7973"
    },
    {
      "name": "CVE-2024-7969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7969"
    },
    {
      "name": "CVE-2024-8691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8691"
    },
    {
      "name": "CVE-2024-8035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8035"
    },
    {
      "name": "CVE-2024-7980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7980"
    },
    {
      "name": "CVE-2024-7975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7975"
    },
    {
      "name": "CVE-2024-7964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7964"
    },
    {
      "name": "CVE-2024-8636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8636"
    },
    {
      "name": "CVE-2024-7968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7968"
    },
    {
      "name": "CVE-2024-8686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8686"
    },
    {
      "name": "CVE-2024-8638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8638"
    },
    {
      "name": "CVE-2024-8639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8639"
    },
    {
      "name": "CVE-2024-7977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7977"
    },
    {
      "name": "CVE-2024-8362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8362"
    },
    {
      "name": "CVE-2024-8687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8687"
    },
    {
      "name": "CVE-2024-7966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7966"
    },
    {
      "name": "CVE-2024-7979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7979"
    },
    {
      "name": "CVE-2024-7974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7974"
    },
    {
      "name": "CVE-2024-8637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8637"
    },
    {
      "name": "CVE-2024-7972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7972"
    },
    {
      "name": "CVE-2024-7967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7967"
    },
    {
      "name": "CVE-2024-8689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8689"
    },
    {
      "name": "CVE-2024-8198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8198"
    },
    {
      "name": "CVE-2024-8688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8688"
    },
    {
      "name": "CVE-2024-8034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8034"
    },
    {
      "name": "CVE-2024-7970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7970"
    },
    {
      "name": "CVE-2024-8690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8690"
    },
    {
      "name": "CVE-2024-7981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7981"
    },
    {
      "name": "CVE-2024-8033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8033"
    },
    {
      "name": "CVE-2024-8194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8194"
    },
    {
      "name": "CVE-2024-7978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7978"
    },
    {
      "name": "CVE-2024-7971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7971"
    },
    {
      "name": "CVE-2024-7965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7965"
    }
  ],
  "initial_release_date": "2024-09-12T00:00:00",
  "last_revision_date": "2024-09-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0770",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-219031 et PAN-192893",
      "url": "https://security.paloaltonetworks.com/CVE-2024-8691"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-204689 et GPC-16848",
      "url": "https://security.paloaltonetworks.com/CVE-2024-8687"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-151792 et PAN-82874",
      "url": "https://security.paloaltonetworks.com/CVE-2024-8688"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CPATR-20644",
      "url": "https://security.paloaltonetworks.com/CVE-2024-8690"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CRTX-105751",
      "url": "https://security.paloaltonetworks.com/CVE-2024-8689"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2024-0009",
      "url": "https://security.paloaltonetworks.com/PAN-SA-2024-0009"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-263321",
      "url": "https://security.paloaltonetworks.com/CVE-2024-8686"
    }
  ]
}

CERTFR-2024-AVI-0711

Vulnerability from certfr_avis - Published: 2024-08-23 - Updated: 2024-08-23

De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et un problème de sécurité non spécifié par l'éditeur.

Microsoft indique que la vulnérabilité CVE-2024-7971 est activement exploitée.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Microsoft	Edge	Microsoft Edge versions antérieures à 128.0.2739.42
	Microsoft	Edge	Microsoft Edge pour Android versions antérieures à 128.0.2739.42

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft Edge CVE-2024-7976	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7971	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7973	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7968	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7974	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7967	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-8033	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7972	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7977	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-8035	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-41879	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-8034	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-38210	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7978	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7969	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7964	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7980	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7979	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7966	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-38209	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7975	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-38208	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7981	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7965	2024-08-22	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge versions ant\u00e9rieures \u00e0 128.0.2739.42",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Edge pour Android versions ant\u00e9rieures \u00e0 128.0.2739.42",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-38210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38210"
    },
    {
      "name": "CVE-2024-38209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38209"
    },
    {
      "name": "CVE-2024-7976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7976"
    },
    {
      "name": "CVE-2024-7973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7973"
    },
    {
      "name": "CVE-2024-7969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7969"
    },
    {
      "name": "CVE-2024-8035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8035"
    },
    {
      "name": "CVE-2024-7980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7980"
    },
    {
      "name": "CVE-2024-7975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7975"
    },
    {
      "name": "CVE-2024-7964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7964"
    },
    {
      "name": "CVE-2024-7968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7968"
    },
    {
      "name": "CVE-2024-7977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7977"
    },
    {
      "name": "CVE-2024-7966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7966"
    },
    {
      "name": "CVE-2024-7979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7979"
    },
    {
      "name": "CVE-2024-7974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7974"
    },
    {
      "name": "CVE-2024-7972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7972"
    },
    {
      "name": "CVE-2024-7967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7967"
    },
    {
      "name": "CVE-2024-41879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41879"
    },
    {
      "name": "CVE-2024-8034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8034"
    },
    {
      "name": "CVE-2024-7981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7981"
    },
    {
      "name": "CVE-2024-8033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8033"
    },
    {
      "name": "CVE-2024-38208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38208"
    },
    {
      "name": "CVE-2024-7978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7978"
    },
    {
      "name": "CVE-2024-7971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7971"
    },
    {
      "name": "CVE-2024-7965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7965"
    }
  ],
  "initial_release_date": "2024-08-23T00:00:00",
  "last_revision_date": "2024-08-23T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0711",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-08-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n\nMicrosoft indique que la vuln\u00e9rabilit\u00e9 CVE-2024-7971 est activement exploit\u00e9e.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7976",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7976"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7971",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7971"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7973",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7973"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7968",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7968"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7974",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7974"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7967",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7967"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-8033",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-8033"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7972",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7972"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7977",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7977"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-8035",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-8035"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-41879",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-41879"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-8034",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-8034"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-38210",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38210"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7978",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7978"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7969",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7969"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7964",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7964"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7980",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7980"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7979",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7979"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7966",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7966"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-38209",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38209"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7975",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7975"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-38208",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38208"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7981",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7981"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7965",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7965"
    }
  ]
}

FKIE_CVE-2024-7968

Vulnerability from fkie_nvd - Published: 2024-08-21 21:15 - Updated: 2024-08-27 13:35

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	chrome-cve-admin@google.com	https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html	Release Notes, Vendor Advisory
	chrome-cve-admin@google.com	https://issues.chromium.org/issues/349253666	Permissions Required

Impacted products

	Vendor	Product	Version
	google	chrome	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAE0C7AB-1D61-4449-BC82-915B019F311F",
              "versionEndExcluding": "128.0.6613.84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use after free in Autofill in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
    },
    {
      "lang": "es",
      "value": "Use after free en Autocompletar en Google Chrome anterior a 128.0.6613.84 permit\u00eda a un atacante remoto que hab\u00eda convencido al usuario de participar en interacciones espec\u00edficas de la interfaz de usuario para explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
    }
  ],
  "id": "CVE-2024-7968",
  "lastModified": "2024-08-27T13:35:04.780",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-08-21T21:15:09.133",
  "references": [
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://issues.chromium.org/issues/349253666"
    }
  ],
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "chrome-cve-admin@google.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-7968 (GCVE-0-2024-7968)

CNVD-2024-44542

CVE-2024-7968

GHSA-374F-438Q-472R

CERTFR-2024-AVI-0706

Solutions

CERTFR-2024-AVI-0770

Solutions

CERTFR-2024-AVI-0711

Solutions

FKIE_CVE-2024-7968

Tags

Sightings

Nomenclature