CVE-2023-5486: 
vulnerability analysis and mitigation

CVE-2023-5486 is a low severity vulnerability discovered in Google Chrome prior to version 118.0.5993.70. The vulnerability was reported by Hafiizh on August 29, 2022, and involves an inappropriate implementation in the Input component that could allow a remote attacker to spoof security UI via a crafted HTML page (Chrome Release).

The vulnerability is classified with a CVSS v3.1 Base Score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. This indicates that the vulnerability is network exploitable, requires low attack complexity, needs no privileges, requires user interaction, has unchanged scope, and can impact integrity at a low level with no effects on confidentiality or availability (NVD).

The vulnerability allows a remote attacker to spoof security UI through a specially crafted HTML page. The impact is considered low severity according to Chromium's security assessment (Chrome Release).

The vulnerability has been fixed in Google Chrome version 118.0.5993.70 and later. Users are advised to update their Chrome browsers to the latest version. The fix has also been incorporated into various distributions including Debian and Gentoo (Debian Advisory, Gentoo Advisory).