CVE-2024-7017

// CVE-2024-7017 PoC - DevTools Sandbox Escape // This PoC demonstrates the concept of triggering DevTools via crafted HTML // Note: Actual exploitation requires specific Chrome version and DevTools vulnerability <!DOCTYPE html> <html> <head> <title>CVE-2024-7017 PoC</title> </head> <body> <h1>CVE-2024-7017 DevTools Sandbox Escape</h1> <p>Target: Google Chrome < 126.0.6478.182</p> <button onclick='triggerDevTools()'>Trigger DevTools</button> <script> function triggerDevTools() { // Method 1: Using chrome-devtools:// protocol window.open('chrome-devtools://devtools/bundled/inspector.html', '_blank'); // Method 2: Keyboard shortcut simulation // Press F12 or Ctrl+Shift+I to open DevTools // Method 3: Context menu trigger document.addEventListener('contextmenu', function(e) { e.preventDefault(); console.log('Context menu triggered'); }); // The actual exploitation requires: // 1. A specific vulnerability in DevTools handling of crafted HTML // 2. Ability to inject/execute code through DevTools interface // 3. Bypass of Chrome's sandbox mechanism console.log('DevTools triggered - vulnerability requires specific conditions'); } // Auto-trigger on page load (requires user interaction in real attack) // document.body.click(); </script> </body> </html>

{"cve": {"id": "CVE-2024-7017", "sourceIdentifier": "[email protected]", "published": "2025-11-14T03:15:55.520", "lastModified": "2025-11-17T12:24:41.543", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Inappropriate implementation in DevTools in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.6, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-362"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "versionEndExcluding": "126.0.6478.182", "matchCriteriaId": "26C1F2B0-2FAA-47FE-A54B-29F3332447DE"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}, {"vulnerable": false, "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}], "references": [{"url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/338248595", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}]}}