CVE-2024-0804: 
vulnerability analysis and mitigation

CVE-2024-0804 is a security vulnerability discovered in Google Chrome's iOS Security UI prior to version 121.0.6167.85. The vulnerability was disclosed on January 23, 2024, and affects the policy enforcement mechanism in the browser's security interface. The issue was reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) (Chrome Release).

The vulnerability is characterized by insufficient policy enforcement in the iOS Security UI component, which could allow a remote attacker to leak cross-origin data through a crafted HTML page. The severity is rated as Medium according to Chromium's security assessment, with a CVSS v3.1 base score of 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) (NVD).

The vulnerability enables cross-origin data leakage, potentially allowing attackers to access information from different origins than intended. This could lead to unauthorized access to sensitive data that should be protected by the browser's same-origin policy (NVD).

The vulnerability has been patched in Google Chrome version 121.0.6167.85. Users are advised to update their browsers to this version or later. The fix has also been incorporated into Fedora 38 and 39 through their respective package updates (Fedora Update).