CVE-2024-7978: 
vulnerability analysis and mitigation

CVE-2024-7978 is a security vulnerability in Google Chrome prior to version 128.0.6613.84 that involves insufficient policy enforcement in Data Transfer functionality. The vulnerability was discovered by NDevTK and reported on July 21, 2022. This security issue allows a remote attacker who convinces a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page (Chrome Release, NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N. This indicates that the vulnerability requires network access and user interaction to exploit, with potential impact limited to information disclosure (PAN Advisory).

If successfully exploited, the vulnerability could lead to the disclosure of cross-origin data when a user is convinced to perform specific UI gestures on a maliciously crafted HTML page (Chrome Release).

The vulnerability has been fixed in Google Chrome version 128.0.6613.84 and later. Users are advised to update their Chrome browsers to the latest version to protect against this vulnerability (Chrome Release).