CVE-2024-5840 | THREATINT

Assigner	Chrome
Reserved	2024-06-11
Published	2024-06-11
Updated	2024-07-19

Description

Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)

Problem types

Policy bypass

Product status

126.0.6478.54 before 126.0.6478.54

affected

References

https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html

https://issues.chromium.org/issues/41492103

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/

cve.org CVE-2024-5840

nvd.nist.gov CVE-2024-5840

Download JSON