CVE-2024-3847: 
vulnerability analysis and mitigation

CVE-2024-3847 is a security vulnerability discovered in Google Chrome's WebUI component affecting versions prior to 124.0.6367.60. The vulnerability allows a remote attacker to bypass content security policy through a crafted HTML page. This issue was classified with a low severity rating by the Chromium security team (Chrome Release).

The vulnerability is characterized by insufficient policy enforcement in the WebUI component of Google Chrome. It has been assigned a CVSS v3.1 base score of 6.1 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The vulnerability is associated with CWE-79 (Improper Neutralization of Input During Web Page Generation) (NVD).

When exploited, this vulnerability could allow an attacker to bypass the content security policy protections, potentially leading to cross-site scripting attacks. The impact is considered low, affecting both confidentiality and integrity of the system, while not impacting availability (NVD).

Google has addressed this vulnerability in Chrome version 124.0.6367.60. Users are advised to update to this version or later to mitigate the risk. The fix has also been incorporated into various Linux distributions, including Fedora 38, 39, and 40 through their respective update channels (Fedora Update).