CVE-2024-6999
📋 TL;DR
This vulnerability in Google Chrome's FedCM (Federated Credential Management) implementation allows attackers to spoof UI elements through crafted HTML pages when users perform specific gestures. It affects Chrome users on all platforms who visit malicious websites. The attacker must convince users to interact with deceptive UI elements.
💻 Affected Systems
- Google Chrome
- Chromium-based browsers
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
⚠️ Risk & Real-World Impact
Worst Case
Attackers could trick users into revealing sensitive information or performing unintended actions by displaying fake login prompts, permission dialogs, or other interface elements that appear legitimate.
Likely Case
Phishing attacks where users are tricked into entering credentials or granting permissions to malicious sites through spoofed UI elements.
If Mitigated
Minimal impact if users are trained to verify URLs and avoid suspicious sites, and if multi-factor authentication is used for sensitive accounts.
🎯 Exploit Status
Exploitation requires user interaction with specific UI gestures on a crafted HTML page.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 127.0.6533.72
Vendor Advisory: https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html
Restart Required: Yes
Instructions:
1. Open Chrome.
2. Click the three-dot menu.
3. Go to Help > About Google Chrome.
4. Chrome will automatically check for and install updates.
5. Click 'Relaunch' to restart Chrome.
🔧 Temporary Workarounds
Disable FedCM
Temporarily disable the Federated Credential Management feature via Chrome flags:
chrome://flags/#fedcm
Set to 'Disabled'. Sites that sign users in through FedCM cannot use it while the flag is disabled; re-enable it once Chrome has been updated.
🧯 If You Can't Patch
- Use alternative browsers until Chrome can be updated
- Implement web filtering to block known malicious sites and restrict user browsing
🔍 How to Verify
Check if Vulnerable:
Check the Chrome version in Settings > About Chrome. If the version is below 127.0.6533.72, the browser is vulnerable.
Check Version:
On the command line: google-chrome --version (Linux) or "C:\Program Files\Google\Chrome\Application\chrome.exe" --version (Windows; in PowerShell, prefix the quoted path with the call operator &).
Verify Fix Applied:
After update, verify Chrome version is 127.0.6533.72 or higher in Settings > About Chrome.
📡 Detection & Monitoring
Log Indicators:
- Unusual authentication attempts from unexpected origins
- Multiple failed login attempts followed by a successful login from the same IP
Network Indicators:
- HTTP requests to known malicious domains hosting crafted HTML pages
- Unusual traffic patterns to credential-related endpoints
SIEM Query (Splunk-style search syntax; the original mixed a wildcard match with a regex character class, which the search language does not combine in one string):
source="chrome_audit_logs" AND (event_type="authentication" OR event_type="permission_grant") AND user_agent="*Chrome/*" | regex user_agent="Chrome/12[0-6]\."
Note: this pattern only matches Chrome 120 through 126. Builds of 127 below 127.0.6533.72 and versions older than 120 are also unpatched, so a version-aware comparison against the fixed build is more reliable than a major-version pattern.
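As an added example that is not part of this advisory, the following Python script implements the version check from "How to Verify" and a version-aware form of the detection query above. It parses the four-part Chrome version either from google-chrome --version output or from the User-Agent in a log line, compares it with the fixed build 127.0.6533.72, and flags authentication or permission-grant events coming from unpatched clients. The key=value log format, the field names event_type and user_agent, and the sample lines are constructed for the example; adapt them to your own log schema.

```python
"""Added example, not from the advisory: version-aware check for CVE-2024-6999.

Compares a Chrome version (from `google-chrome --version` output or from a
User-Agent string in a log line) against the fixed build 127.0.6533.72.
"""
import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int, int]

FIXED_VERSION: Version = (127, 0, 6533, 72)  # fixed build named in the advisory

# Chrome reports four dotted integers; a UA string carries the same shape
# after "Chrome/", while `--version` prints "Google Chrome 127.0.6533.72".
_VERSION_RE = re.compile(r"Chrome/?\s*(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_chrome_version(text: str) -> Optional[Version]:
    """Extract the four-part Chrome version from arbitrary text, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(g) for g in m.groups())  # type: ignore[return-value]


def is_vulnerable(version: Version) -> bool:
    """True when the build predates the fix; tuple comparison is lexicographic,
    so 127.0.6533.10 < 127.0.6533.72 and 119.x < 127.x both count as unpatched."""
    return version < FIXED_VERSION


def check_version_output(output: str) -> str:
    """Classify `google-chrome --version` output as patched/vulnerable/unknown."""
    v = parse_chrome_version(output)
    if v is None:
        return "unknown"
    return "vulnerable" if is_vulnerable(v) else "patched"


# Constructed sample log lines (hypothetical schema, not real data).
SAMPLE_LOGS: List[str] = [
    'ts=2024-07-24T10:00:01Z event_type=authentication origin=idp.example '
    'user_agent="Mozilla/5.0 (X11; Linux x86_64) Chrome/126.0.6478.182 Safari/537.36"',
    'ts=2024-07-24T10:00:02Z event_type=permission_grant origin=idp.example '
    'user_agent="Mozilla/5.0 (Windows NT 10.0) Chrome/127.0.6533.72 Safari/537.36"',
    'ts=2024-07-24T10:00:03Z event_type=authentication origin=idp.example '
    'user_agent="Mozilla/5.0 (Windows NT 10.0) Chrome/127.0.6533.10 Safari/537.36"',
    'ts=2024-07-24T10:00:04Z event_type=page_view origin=idp.example '
    'user_agent="Mozilla/5.0 (X11; Linux x86_64) Chrome/119.0.6045.199 Safari/537.36"',
]

# Same event types the advisory's SIEM query selects.
EVENTS_OF_INTEREST = {"authentication", "permission_grant"}


def flag_unpatched_clients(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (timestamp, version) for auth/permission events from pre-fix Chrome.

    Unlike a 'Chrome/12[0-6]' pattern, this also catches 127.0.x builds below
    the fix and versions older than 120. Events outside EVENTS_OF_INTEREST are
    skipped even if the client is unpatched.
    """
    hits: List[Tuple[str, str]] = []
    for line in lines:
        et = re.search(r"event_type=(\S+)", line)
        if not et or et.group(1) not in EVENTS_OF_INTEREST:
            continue
        v = parse_chrome_version(line)
        if v is None or not is_vulnerable(v):
            continue
        ts = re.search(r"ts=(\S+)", line)
        hits.append((ts.group(1) if ts else "?", ".".join(map(str, v))))
    return hits


if __name__ == "__main__":
    print(check_version_output("Google Chrome 127.0.6533.72"))
    for ts, ver in flag_unpatched_clients(SAMPLE_LOGS):
        print(f"{ts} auth/permission event from pre-fix Chrome {ver}")
```

On a Linux host you can feed the live value with check_version_output(subprocess.check_output(["google-chrome", "--version"], text=True)); for fleet-wide use, point flag_unpatched_clients at the lines exported from your SIEM rather than the constructed sample.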