CVE-2024-5836
Published: 11 June 2024
Summary
CVE-2024-5836 is a high-severity Use of Function with Inconsistent Implementations (CWE-474) vulnerability in Fedoraproject Fedora. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Browser Extensions (T1176.001). The CVE ranks in the top 35.1% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-46982
Vulnerability details
Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High)
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Vulnerability in Chrome DevTools enables malicious browser extensions to execute arbitrary code after user installation, facilitating browser extension abuse (T1176.001) and exploitation for client-side code execution (T1203).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.