Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.01566
Percentile: 0.80703

CVSS Scoring

Mapped CWE(s)

• CWE-1021 : Improper Restriction of Rendered UI Layers or Frames

All CAPEC(s)

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

• T1036.004 : Masquerade Task or Service
  Kill Chain: defense-evasion
• T1056 : Input Capture
  Kill Chain: collection
• T1548.004 : Elevated Execution with Prompt
  Kill Chain: privilege-escalation

Malware

APTs Threat Group Associations

Campaigns

Affected Products

• cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
• cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
• cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
• cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*
• cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
• cpe:2.3:o:redhat:enterprise_linux_eus:6.6:*:*:*:*:*:*:*
• cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
• cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*
• cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6:*:*:*:*:*:*:*
• cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

← Back to Home