CVE-2024-3172: Insufficient data validation in DevTools

Q: What is the severity of CVE-2024-3172?

CVE-2024-3172 has a high severity rating due to its potential for remote code execution.

Q: How do I fix CVE-2024-3172?

To fix CVE-2024-3172, update Google Chrome to version 121.0.6167.85 or later.

Q: What can an attacker do with CVE-2024-3172?

An attacker can execute arbitrary code on a user's system by convincing them to engage in specific user interface gestures.

Q: Which versions of Google Chrome are affected by CVE-2024-3172?

CVE-2024-3172 affects all versions of Google Chrome prior to 121.0.6167.85.

Q: What is insufficient data validation in the context of CVE-2024-3172?

Insufficient data validation in CVE-2024-3172 refers to the vulnerability that allows crafted HTML pages to bypass security checks and execute untrusted code.

Published Nov 13, 2023

Updated

Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Credit

Matan Berson@@MtnBer

Affected Software

2 affected componentsFixes available

Google Chrome<121.0.6167.85

121.0.6167.85

Google Chrome<121.0.6167.85

Event History

Nov 13, 2023

CVE Published

12:00 AM

Jul 16, 2024

CVE Published

via MITRE·10:14 PM

Data Sourced

via MITRE·10:14 PM

DescriptionWeakness

Data Sourced

via NVD·11:15 PM

Description

Parent advisories

This vulnerability appears in the following advisories.

2666430141006798223

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is the severity of CVE-2024-3172?

CVE-2024-3172 has a high severity rating due to its potential for remote code execution.

How do I fix CVE-2024-3172?

To fix CVE-2024-3172, update Google Chrome to version 121.0.6167.85 or later.

What can an attacker do with CVE-2024-3172?