Cyber Resilience

CVE-2023-5484

Medium

Published: 11 October 2023
Modified: 21 November 2024
KEV Added:
Patch:
CVSS Score v3.1: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
EPSS Score: 0.0016 (36.1st percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-5484 is a medium-severity vulnerability with an unspecified weakness type in Fedoraproject Fedora. Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Drive-by Compromise (T1189). The CVE ranks at the 36.1st percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1189 Drive-by Compromise (Initial Access): Adversaries may gain access to a system through a user visiting a website over the normal course of browsing.
T1566 Phishing (Initial Access): Adversaries may send phishing messages to gain access to victim systems.
Why these techniques?

The vulnerability enables remote attackers to spoof browser security UI (e.g., indicators of secure connections) via crafted HTML pages, facilitating drive-by compromises and phishing by deceiving users into trusting malicious sites.

Affected Assets

google / chrome: ≤ 118.0.5993.70
fedoraproject / fedora: 37, 38
debian / debian linux: 11.0, 12.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
