CVE-2024-0805: 
vulnerability analysis and mitigation

CVE-2024-0805 is a security vulnerability discovered in Google Chrome's Downloads feature prior to version 121.0.6167.85. The vulnerability was disclosed on January 23, 2024, and involves an inappropriate implementation that could allow a remote attacker to perform domain spoofing via a crafted domain name (Chrome Release, NVD).

The vulnerability has been classified with a CVSS v3.1 Base Score of 4.3 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. This indicates that the vulnerability can be exploited remotely, requires low attack complexity, needs no privileges, but does require user interaction (NVD).

The vulnerability allows remote attackers to perform domain spoofing through crafted domain names in the Downloads feature. This could potentially lead to users being misled about the origin of downloaded files (NVD).

The vulnerability has been patched in Google Chrome version 121.0.6167.85. Users are advised to update their Chrome browsers to this version or later to mitigate the risk. The fix has also been incorporated into various Linux distributions including Fedora 38 and 39 (Fedora Update).