CVE-2024-8906
published 2024-09-17

Medium 4.3 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:U / C:N / I:L / A:N
Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Affected

10 ranges
Vendor | Product | Version range | Fixed in
apple | macos_tahoe | |
apple | safari | |
chromium | chromium | >= 0 < 129.0.6668.58-1~deb12u1 | 129.0.6668.58-1~deb12u1
chromium | chromium | >= 0 < 129.0.6668.58-1 | 129.0.6668.58-1
chromium | chromium | >= 0 < 129.0.6668.58-1 | 129.0.6668.58-1
debian | chromium | < chromium 129.0.6668.58-1~deb12u1 (bookworm) | chromium 129.0.6668.58-1~deb12u1 (bookworm)
google | chrome | < 129.0.6668.58 | 129.0.6668.58
google | chrome | >= 129.0.6668.58 < 129.0.6668.58 | 129.0.6668.58
msrc | microsoft_edge | |
paloalto | prisma_browser | |

CVSS provenance

nvd: v3.1, 4.3 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
osv: 4.3 MEDIUM