CVE-2024-9370: Chromium: CVE-2024-9370 Inappropriate implementation in V8

CVE-2024-9369: Chromium: CVE-2024-9369 Insufficient data validation in Mojo

CVE-2024-7025: Chromium: CVE-2024-7025 Integer overflow in Layout

CVE-2024-9123: Chromium: CVE-2024-9123 Integer overflow in Skia

CVE-2024-9122: Chromium: CVE-2024-9122 Type Confusion in V8

**According to the CVSS metric, the attack complexity is high (AC:H) and user interaction is required (UI:R). What does that mean for this vulnerability?**

An attacker would need to trick the user to transfer a malicious JSON file and hope that user does not open and review it. If the user opens it, the user will see an invalid URL and not import it for his dashboard. But in a scenario where the user does import the malicious JSON file, the portal will not immediately send a token. Only in a corner case that a user configures the dashboard again from the portal will there be a token leak.

Headline

CVE-2024-38201: Azure Stack Hub Elevation of Privilege Vulnerability

Microsoft Security Response Center: Latest News