CVE-2024-9963
Published: 15 October 2024
Summary
CVE-2024-9963 is a medium-severity vulnerability of unspecified weakness type in Google Chrome. Its CVSS base score is 4.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Ingress Tool Transfer (T1105). It ranks at the 31.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-50245
Vulnerability details
Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
UI spoofing in Chrome Downloads via a crafted HTML page can deceive users into downloading and executing malicious files or into other harmful interactions. This facilitates ingress tool transfer, user execution via links or files, and spearphishing links.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.