CVE-2024-1694

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: High)

La implementación inadecuada en Google Updatetor anterior a 1.3.36.351 en Google Chrome permitió a un atacante local eludir el control de acceso discrecional a través de un archivo malicioso. (Severidad de seguridad de Chrome: alta)

*Credits: N/A

CVSS Scores

CISAv3.1 7.8

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-02-20 CVE Reserved
2024-06-07 CVE Published
2024-06-08 EPSS Updated
2024-08-01 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-474: Use of Function with Inconsistent Implementations

CAPEC

References (1)

URL	Tag	Source
https://issues.chromium.org/issues/40946325

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Google Search vendor "Google"		Omaha Search vendor "Google" for product "Omaha"				1.3.36.351 Search vendor "Google" for product "Omaha" and version "1.3.36.351"		en		Affected