On Wednesday, artificial intelligence computing company NVIDIA released patches for software flaws in its CHATRTX for Windows app.
The patches for the flaws were followed by a warning for users to alert them to the potential of code execution and data tampering attacks. The warning advisory was urgent, and was flagged as “high-risk”. These software flaws could be exploited to launch harmful code as a result of cross-site scripting attacks. The flagged security flaws impact ChatRTX for Windows 0.2 and previous versions. The first defect, CVE-2024-0082 is contained in the UI. If successfully exploited, attackers can tamper with data and gain access to sensitive information. The second defect, CVE-2024-0083 is also contained in the UI. This vulnerability could run malicious scripts in the browser, resulting in cross-site scripting errors. This could result in access to sensitive information and denial of service.
Read more: https://www.securityweek.com/code-execution-flaws-haunt-nvidia-chatrtx-for-windows/