CVE-2021-1073

Name of the Vulnerable Software and Affected Versions NVIDIA GeForce Experience versions prior to 3.23

Description The issue arises when a user attempts to log in to NVIDIA GeForce Experience through a browser while having other web pages open in the same browser. This situation allows a malicious web page to access the user's login session token, potentially compromising the user's account and leading to unauthorized access, alteration, or loss of the user's data. The vulnerability can be exploited if a user clicks on a maliciously formatted link that opens the GeForce Experience login page in a new browser tab, and then enters their login information.

Recommendations For NVIDIA GeForce Experience versions prior to 3.23, update to version 3.23 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the browser to log in to GeForce Experience, and instead use the application directly, until the update is applied. Additionally, users should be cautious when clicking on links from unknown sources and avoid entering login information when prompted by unfamiliar web pages.