What is the severity of CVE-2024-3847?

CVE-2024-3847 has been classified with a medium severity level due to insufficient policy enforcement.

How do I fix CVE-2024-3847?

To resolve CVE-2024-3847, users should update their Google Chrome or Microsoft Edge (Chromium-based) to version 124.0.6367.60 or later.

Which products are affected by CVE-2024-3847?

CVE-2024-3847 affects Google Chrome versions up to 124.0.6367.60 and Microsoft Edge Chromium-based browsers.

Is CVE-2024-3847 patched in newer versions?

Yes, CVE-2024-3847 is patched in the latest versions of Google Chrome and Microsoft Edge based on Chromium.

What platforms are impacted by CVE-2024-3847?

CVE-2024-3847 impacts multiple platforms, including Fedora versions 38, 39, and 40 that use Chromium-based browsers.

Vulnerability/
CVE-2024-3847

critical

9.8

CWE

79 305 691

EPSS

0.044%

8/3/2024

17/4/2024

19/12/2024

CVE-2024-3847: Insufficient policy enforcement in WebUI

First published: Fri Mar 08 2024(Updated: )

<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p>

Credit: Yan Zhu chrome-cve-admin@google.com

Affected Software	Affected Version	How to fix
Microsoft Edge		fix available externally
Google Chrome (Trace Event)	<124.0.6367.60	124.0.6367.60
Google Chrome (Trace Event)	<124.0.6367.60
Fedora	=38
Fedora	=39
Fedora	=40

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

8554970101511209010

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2024-3847?
CVE-2024-3847 has been classified with a medium severity level due to insufficient policy enforcement.
How do I fix CVE-2024-3847?
To resolve CVE-2024-3847, users should update their Google Chrome or Microsoft Edge (Chromium-based) to version 124.0.6367.60 or later.
Which products are affected by CVE-2024-3847?
CVE-2024-3847 affects Google Chrome versions up to 124.0.6367.60 and Microsoft Edge Chromium-based browsers.
Is CVE-2024-3847 patched in newer versions?
Yes, CVE-2024-3847 is patched in the latest versions of Google Chrome and Microsoft Edge based on Chromium.
What platforms are impacted by CVE-2024-3847?
CVE-2024-3847 impacts multiple platforms, including Fedora versions 38, 39, and 40 that use Chromium-based browsers.

agent/title
agent/type
agent/first-publish-date
agent/author
collector/msrc
source/Microsoft
agent/description
collector/msrc-cve
agent/references
collector/epss-latest
source/FIRST
agent/epss
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/weakness
agent/event
agent/trending
agent/source
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/chrome-releases
collector/nvd-api
source/NVD
vendor/microsoft
canonical/microsoft edge
vendor/google
canonical/google chrome (trace event)
vendor/fedoraproject
canonical/fedora
version/fedora/38
version/fedora/39
version/fedora/40