Unrated severityNVD Advisory· Published Apr 17, 2024· Updated Feb 13, 2025
CVE-2024-3838
CVE-2024-3838
Description
Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium)
Affected products
12- osv-coords11 versionspkg:apk/chainguard/chromiumpkg:apk/chainguard/chromium-docker-selenium-compatpkg:apk/chainguard/chromium-langpkg:apk/chainguard/chromium-qtpkg:apk/wolfi/chromiumpkg:apk/wolfi/chromium-docker-selenium-compatpkg:apk/wolfi/chromium-langpkg:apk/wolfi/chromium-qtpkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/opera&distro=openSUSE%20Leap%2015.5%20NonFreepkg:rpm/opensuse/opera&distro=openSUSE%20Leap%2015.6%20NonFree
< 124.0.6367.60-r0+ 10 more
- (no CPE)range: < 124.0.6367.60-r0
- (no CPE)range: < 124.0.6367.60-r0
- (no CPE)range: < 124.0.6367.60-r0
- (no CPE)range: < 124.0.6367.60-r0
- (no CPE)range: < 124.0.6367.60-r0
- (no CPE)range: < 124.0.6367.60-r0
- (no CPE)range: < 124.0.6367.60-r0
- (no CPE)range: < 124.0.6367.60-r0
- (no CPE)range: < 124.0.6367.201-1.1
- (no CPE)range: < 110.0.5130.23-lp155.3.45.1
- (no CPE)range: < 110.0.5130.64-lp156.2.6.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.htmlmitre
- issues.chromium.org/issues/328278717mitre
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/mitre
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/mitre
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/mitre
News mentions
0No linked articles in our index yet.