Base Score

MEDIUM4.3

CVE-2024-8908

Inappropriate implementation in Autofill in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

VectorNETWORK

Published Bychrome-cve-admin@google.com

Published DateSep 17, 2024, 21:15

Weakness Type (CWE):NVD-CWE-noinfo

CVSS Metrics

Base Score

4.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

LOW

Availability (A)

NONE

References

https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_17.html
https://issues.chromium.org/issues/337222641

Base Score

MEDIUM4.3

Weakness Type (CWE):NVD-CWE-noinfo

CVSS Metrics

Base Score

4.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

LOW

Availability (A)

NONE