Search for vulnerabilities
Vulnerability details: VCID-btzp-cy1x-aaad
Vulnerability ID VCID-btzp-cy1x-aaad
Aliases CVE-2024-2628
Summary Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium)
Status Published
Exploitability 0.5
Weighted Severity 3.9
Risk 1.9
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00103 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00137 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00137 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00137 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00137 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00137 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00137 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00137 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00137 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00137 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00164 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00224 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00224 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00224 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00224 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00224 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00224 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00224 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00224 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00224 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00224 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00224 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00224 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00267 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
epss 0.00911 https://api.first.org/data/v1/epss?cve=CVE-2024-2628
cvssv3 4.3 https://nvd.nist.gov/vuln/detail/CVE-2024-2628
cvssv3.1 4.3 https://nvd.nist.gov/vuln/detail/CVE-2024-2628
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-2628
https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2628
https://issues.chromium.org/issues/41487774
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
CVE-2024-2628 https://nvd.nist.gov/vuln/detail/CVE-2024-2628
GLSA-202412-05 https://security.gentoo.org/glsa/202412-05
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-2628
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-2628
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.20885
EPSS Score 0.00051
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-04-23T17:18:55.279197+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-2628 34.0.0rc4