CVE-2023-5481: 
vulnerability analysis and mitigation

CVE-2023-5481 is a security vulnerability discovered in Google Chrome's Downloads feature prior to version 118.0.5993.70. The vulnerability allows a remote attacker to spoof security UI through a crafted HTML page. This issue was reported by Om Apip on June 28, 2023, and was assigned a Medium severity rating by the Chromium security team (Chrome Release).

The vulnerability is classified with a CVSS v3.1 Base Score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N. This indicates that the vulnerability can be exploited remotely, requires low attack complexity, needs no privileges, but does require user interaction. The scope is unchanged, with no impact on confidentiality, high impact on integrity, and no impact on availability (NVD).

The vulnerability could allow attackers to spoof the security user interface in Chrome's Downloads feature, potentially misleading users about the safety or nature of downloaded content. This could lead to users being deceived about the security status of their downloads, potentially resulting in the execution of malicious files (NVD).

The vulnerability has been patched in Google Chrome version 118.0.5993.70 and later. Users are advised to update their Chrome browsers to the latest version. The fix has also been incorporated into various distributions including Debian 11 (bullseye) and 12 (bookworm) as version 118.0.5993.70-1, and similar updates have been provided for other Chromium-based browsers (Debian Advisory).