DirectorySecurity AdvisoriesPricing
/
Sign in
Security Advisories

CVE-2024-8907

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-8907

Severity

6.1

Medium

CVSS V3

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Description

Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures. (Chromium security severity: Medium)

References

  • https://nvd.nist.gov/vuln/detail/CVE-2024-8907
  • https://github.com/advisories/GHSA-76f7-g9hr-v32c
  • https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_17.html
  • https://issues.chromium.org/issues/360642942

Affected packages

The trusted source for open source

Talk to an expert
© 2025 Chainguard. All Rights Reserved.
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSCMMC 2.0Golden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsSupply Chain Security 101Chainguard CoursesDocumentationTrust CenterChainguard Slack Community

Company

About UsBlogPartnersNewsroomCareersLegal