CVE-2024-3840

2024-04-1708:15:10

Alpine Linux Development Team

security.alpinelinux.org

site isolation

remote attacker

navigation restrictions

crafted html page

chromium

medium severity

unix

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.0%

JSON

Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

OSVersionArchitecturePackageVersionFilename
Alpineedge-communitynoarchqt6-qtwebengine< 6.6.3-r4UNKNOWN
Alpine3.19-communitynoarchqt6-qtwebengine< 6.6.1-r12UNKNOWN
Alpine3.20-communitynoarchqt6-qtwebengine< 6.6.3-r4UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	edge-community	noarch	qt6-qtwebengine	< 6.6.3-r4	UNKNOWN
Alpine	3.19-community	noarch	qt6-qtwebengine	< 6.6.1-r12	UNKNOWN
Alpine	3.20-community	noarch	qt6-qtwebengine	< 6.6.3-r4	UNKNOWN