CVE-2024-3838: Inappropriate implementation in Autofill

Reference Links

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3838 (Advisory)
• https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html (Advisory)
• https://issues.chromium.org/issues/328278717
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/

Parent vulnerabilities

(Appears in the following advisories)

• 8554970101511209010

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2024-2625
• CVE-2024-3832
• CVE-2024-3833
• CVE-2024-3914
• CVE-2024-3834
• CVE-2024-3837
• CVE-2024-3839
• CVE-2024-3840
• CVE-2024-3841
• CVE-2024-3843
• CVE-2024-3844
• CVE-2024-3845
• CVE-2024-3846
• CVE-2024-3847

Frequently Asked Questions

• What is the severity of CVE-2024-3838?

  CVE-2024-3838 is categorized as having a medium severity level.

• How do I fix CVE-2024-3838?

  To fix CVE-2024-3838, update Microsoft Edge (Chromium-based) to the latest version provided in their security release notes.

• Which versions of Chrome are affected by CVE-2024-3838?

  CVE-2024-3838 affects versions of Google Chrome up to but not including version 124.0.6367.60.

• Is Microsoft Edge (Chromium-based) vulnerable to CVE-2024-3838?

  Yes, Microsoft Edge (Chromium-based) is vulnerable to CVE-2024-3838 if it is running a version prior to the latest update.

• What should I do if I am using an affected version of Chrome with CVE-2024-3838?

  If you are using an affected version of Chrome, you should update to the latest version as soon as possible to mitigate the vulnerability.