Cyber Resilience

CVE-2024-5836

High

Published: 11 June 2024

Modified: 14 March 2025
KEV Added
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0047 (64.9th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-5836 is a high-severity Use of Function with Inconsistent Implementations (CWE-474) vulnerability in Fedoraproject Fedora. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Browser Extensions (T1176.001). The CVE ranks in the top 35.1% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

Vulnerability details

Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High)

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1176.001 Browser Extensions (Tactic: Persistence)
Adversaries may abuse internet browser extensions to establish persistent access to victim systems.

T1203 Exploitation for Client Execution (Tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.

Why these techniques?

Vulnerability in Chrome DevTools enables malicious browser extensions to execute arbitrary code after user installation, facilitating browser extension abuse (T1176.001) and exploitation for client-side code execution (T1203).

Affected Assets

google chrome: ≤ 126.0.6478.54
fedoraproject fedora: 39, 40

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.