CVERadar

CVE-2024-8908

High Severity
Google
SVRS: 45/100
CVSSv3: 4.3/10
EPSS: 0.00066/1

CVE-2024-8908 is a UI spoofing vulnerability in Google Chrome's Autofill feature, potentially allowing attackers to trick users. This vulnerability affects versions prior to 129.0.6668.58. An attacker could exploit this by crafting a malicious HTML page that misleads users interacting with Autofill prompts.

Although the CVSS score is relatively low at 4.3, indicating moderate severity, the SOCRadar Vulnerability Risk Score (SVRS) of 45 suggests that this vulnerability, while not critical, warrants attention. The "In The Wild" tag indicates that it has been exploited, which further raises the priority of patching: apply the latest Chrome updates to mitigate the risk of exploitation. Successful exploitation could lead to phishing attacks and theft of sensitive information. Addressing CVE-2024-8908 prevents potential user deception and maintains trust in Chrome's Autofill functionality.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
2024-09-17

2025-03-20

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-8908 | Google Chrome up to 128.0.6613.137 Autofill Remote Code Execution (Nessus ID 207720)
vuldb.com, 2025-03-10
A vulnerability classified as critical has been found in Google Chrome. Affected is an unknown function of the component Autofill. The manipulation leads to Remote Code Execution. This vulnerability is traded as CVE-2024-8908. It is possible to launch the attack remotely. There is no exploit available. It

Stable Channel Update for Desktop
Srinivas Sista, 2024-09-17
The Chrome team is delighted to announce the promotion of Chrome 129 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 129.0.6668.58 (Linux) 129.0.6668.58/.59 (Windows, Mac) contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming

Social Media

CVE-2024-8908: Chromium Autofill Vulnerability Impacts Windows Users https://t.co/O1z7UdBJPe

Affected Software

Configuration 1
Type | Vendor | Product
App | Google | chrome

References

Reference | Link
[email protected] | https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_17.html
[email protected] | https://issues.chromium.org/issues/337222641
GITHUB | https://issues.chromium.org/issues/337222641

CWE Details

CWE ID | CWE Name | Description
CWE-290 | Authentication Bypass by Spoofing | This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.
