CVE-2024-9964
Published: 15 October 2024
Summary
CVE-2024-9964 is a medium-severity vulnerability in Google Chrome with an unspecified weakness type. Its CVSS base score is 4.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Browser Extensions (T1176.001). It ranks at the 31.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-50246
Vulnerability details
Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
The vulnerability enables crafted Chrome extensions to spoof the Payments UI through specific user gestures, facilitating browser extension abuse (T1176.001) for financial theft (T1657) by tricking users into entering payment details or authorizing transactions.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.