CVE-2024-7004: 
vulnerability analysis and mitigation

A security vulnerability identified as CVE-2024-7004 was discovered in Google Chrome's Safe Browsing feature affecting versions prior to 127.0.6533.72. The vulnerability stems from insufficient validation of untrusted input, which could allow a remote attacker to bypass discretionary access control through a malicious file when a user is convinced to perform specific UI gestures (Chrome Release, NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The weakness has been categorized under CWE-20 (Improper Input Validation) and CWE-863 (Incorrect Authorization). The vulnerability specifically affects the Safe Browsing component of Google Chrome and requires user interaction to be exploited (NVD).

The vulnerability allows an attacker to bypass discretionary access control mechanisms when a user is manipulated into performing specific UI gestures. The impact is considered Low severity according to Chromium's security assessment, with the potential for unauthorized access through malicious file manipulation (NVD).

The vulnerability has been patched in Google Chrome version 127.0.6533.72 and later versions. Users are advised to update their Chrome browsers to the latest version to mitigate this security risk (Chrome Release).