Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-28120

Published: 11/03/2024 Updated: 12/03/2024

Vulnerability Summary

codeium-chrome is an open source code completion plugin for the chrome web browser. The service worker of the codeium-chrome extension doesn't check the sender when receiving an external message. This allows an malicious user to host a website that will steal the user's Codeium api-key, and thus impersonate the user on the backend autocomplete server. This issue has not been addressed. Users are advised to monitor the usage of their API key.

References

https://github.com/Exafunction/codeium-chrome/security/advisories/GHSA-8c7j-2h97-q63phttps://securitylab.github.com/advisories/GHSL-2024-027_GHSL-2024-028_codeium-chromehttps://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereferenceCVE-2024-5274CVE-2020-17519CVE-2024-35340CVE-2021-47558localXML injectionCVE-2021-47519CVE-2021-47543
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook