CVE-2024-8907

2024-09-1721:07:19

Chrome

github.com

data validation

google chrome

omnibox

android

xss

ui gestures

remote attacker

arbitrary scripts

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

17.7%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures. (Chromium security severity: Medium)