Overview
- Description
- Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High)
- Source
- chrome-cve-admin@google.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Social media
- Hype score
- Not currently trending
CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits https://t.co/AZefBo36Zb
@un_exceptional
7 Nov 2024
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Threat Alert: Critical Chrome Vulnerabilities Let Malicious Apps Run Shell Command on Your PC CVE-2024-5836 CVE-2024-6778 Severity: ⚠️ Critical Maturity: 💢 Emerging Learn more: https://t.co/Y1Fubw5jOQ #CyberSecurity #ThreatIntel #InfoSec (1/3)
@fletch_ai
23 Oct 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A POC exploit for CVE-2024-5836 and CVE-2024-6778, allowing for a sandbox escape from a Chrome extension. https://t.co/Vw6kMahtsv
@Dinosn
23 Oct 2024
5019 Impressions
20 Retweets
86 Likes
34 Bookmarks
0 Replies
0 Quotes
Escaping the Chrome Sandbox Through DevTools : https://t.co/hQHGhvwRgC A POC exploit for CVE-2024-5836 and CVE-2024-6778, allowing for a sandbox escape from a Chrome extension : https://t.co/433NhrlWTa https://t.co/AEmnjaazB9
@binitamshah
22 Oct 2024
8047 Impressions
34 Retweets
102 Likes
50 Bookmarks
0 Replies
1 Quote
デベロッパーツールを通じてChromeサンドボックスの脆弱性を探る Chromiumウェブブラウザで発見されたCVE-2024-6778やCVE-2024-5836といった脆弱性は、サイバーセキュリティの専門... https://t.co/TZ8NOrgMYr https://t.co/FxvDlIagzR
@bdog_ja
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Good one 😃 #Chrome sandbox escape via DevTools: #highschool student published technical write-up on CVE-2024-6778 + CVE-2024-5836 (Chromium bugs) .. received a $20,000 bounty https://t.co/2jDi3VsAVm "You also can't trust that very old code will remain safe after many years"
@ovelarsen
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-5386 CVE-2024-5836 / CVE-2024-6778 This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within the Chromium web browser which allowed for a san... https://t.co/M6C2EsNyYF
@VulmonFeeds
51 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "28906E8E-9158-4473-8807-188F6DF15D13",
"versionEndExcluding": "126.0.6478.54"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59"
}
],
"operator": "OR"
}
]
}
]