Search for vulnerabilities
Vulnerability details: VCID-tqte-eaax-aaas
Vulnerability ID VCID-tqte-eaax-aaas
Aliases CVE-2024-4950
Summary Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Status Published
Exploitability 0.5
Weighted Severity 5.9
Risk 3.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-1021 Improper Restriction of Rendered UI Layers or Frames
System Score Found at
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00144 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00282 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
epss 0.00895 https://api.first.org/data/v1/epss?cve=CVE-2024-4950
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2024-4950
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2024-4950
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-4950
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4950
https://issues.chromium.org/issues/40065403
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NTSN22LNYXMWHVTYNOYQVOY7VDZFHENQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSUWM73ZCXTN62AT2REYQDD5ZKPFMDZD/
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
CVE-2024-4950 https://nvd.nist.gov/vuln/detail/CVE-2024-4950
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-4950
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-4950
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.16666
EPSS Score 0.00045
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-05-17T12:42:37.832551+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-4950 34.0.0rc4