CVE-2023-5484: 
vulnerability analysis and mitigation

CVE-2023-5484 is a security vulnerability in Google Chrome's Navigation component that was discovered on February 11, 2023, by Thomas Orlita. The vulnerability was patched in Chrome version 118.0.5993.70 released on October 10, 2023. This medium-severity issue involves inappropriate implementation in the Navigation component that could allow a remote attacker to spoof security UI via a crafted HTML page (Chrome Release).

The vulnerability is classified with a CVSS v3.1 Base Score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N. This indicates that the vulnerability can be exploited remotely, requires low attack complexity, needs no privileges, but does require user interaction. The impact primarily affects integrity, with no impact on confidentiality or availability (NVD).

If exploited, this vulnerability could allow an attacker to spoof security UI elements through a specially crafted HTML page, potentially misleading users about the security status or identity of a webpage. This could lead to users making security-relevant decisions based on falsified security indicators (Chrome Release).

The vulnerability has been patched in Chrome version 118.0.5993.70. Users and administrators should ensure their Chrome browsers are updated to this version or later. The fix has also been incorporated into various Linux distributions including Debian 11 (bullseye) and 12 (bookworm), Fedora 37 and 38, and Gentoo (Debian Advisory, Fedora Update).