CVE-2024-8906 — Google Chrome vulnerability

10 documents9 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 68.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Paloalto Prisma Browser

Timeline

PublishedSep 17

Latest updateDec 12

Description

Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5google/chrome129.0.6668.58 — 129.0.6668.58

▶NVDgoogle/chrome< 129.0.6668.58

▶Debianchromium/chromium< 129.0.6668.58-1~deb12u1+2

▶Palo Altopaloalto/prisma_browser

🔴Vulnerability Details

CVEList

CVE-2024-8906: Incorrect security UI in Downloads in Google Chrome prior to 129↗2024-09-17

▶

GHSA

GHSA-wq22-3j46-hjmw: Incorrect security UI in Downloads in Google Chrome prior to 129↗2024-09-17

▶

OSV

CVE-2024-8906: Incorrect security UI in Downloads in Google Chrome prior to 129↗2024-09-17

▶

📋Vendor Advisories

Apple

CVE-2024-8906: macOS Tahoe 26.2↗2025-12-12

▶

Apple

CVE-2024-8906: Safari 26.2↗2025-12-12

▶

Palo Alto

PAN-SA-2024-0011 Chromium: Monthly Vulnerability Updates↗2024-10-09

▶

Microsoft

Chromium: CVE-2024-8906 Incorrect security UI in Downloads↗2024-09-10

▶

Debian

CVE-2024-8906: chromium - Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allow...↗2024

▶

💬Community

Bugzilla

CVE-2024-36930 kernel: spi: fix null pointer dereference within spi_sync↗2024-06-03

▶