NVIDIA has issued critical patches for vulnerabilities in its ChatRTX for Windows application, warning users of potential code execution and data tampering risks. These flaws, rated as ‘high-risk,’ could be exploited through cross-site scripting attacks, posing significant security threats to users. The vulnerabilities, identified as CVE-2024-0082 and CVE-2024-0083, impact ChatRTX versions 0.2 and earlier.
CVE-2024-0082 involves improper privilege management in the application’s UI, where attackers can exploit open file requests to escalate local privileges, disclose sensitive information, and tamper with data. CVE-2024-0083, on the other hand, is a cross-site scripting flaw that allows attackers to execute malicious scripts in users’ browsers. Successful exploitation of this vulnerability may result in code execution, denial of service, and information disclosure.
The ChatRTX application is popular among developers and AI enthusiasts, facilitating the connection of PC LLMs to personal data using retrieval-augmented generation (RAG). Despite the application's utility, the identified vulnerabilities highlight the importance of promptly applying security patches. NVIDIA’s swift response underscores the company’s commitment to ensuring the security and integrity of its software products in the face of evolving cyber threats.