CVE-2024-13983: 
Google Chrome vulnerability analysis and mitigation

A vulnerability identified as CVE-2024-13983 was discovered in Google Chrome's Lens feature on iOS devices. The issue affects versions prior to 136.0.7103.59 and involves an inappropriate implementation that could allow remote attackers to perform UI spoofing through crafted QR codes. The vulnerability was reported by Zeddy from CUHK on November 19, 2024, and was assigned a low severity rating by the Chromium security team (Chrome Release Notes).

The vulnerability has been assigned a CVSS v3.1 base score of 6.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L. The issue is classified under CWE-601 (URL Redirection to Untrusted Site). The vulnerability specifically affects the Lens feature in Google Chrome on iOS platforms, where improper implementation could lead to user interface spoofing attacks when processing specially crafted QR codes (NVD).

The vulnerability enables attackers to perform UI spoofing attacks through specially crafted QR codes, potentially misleading users about the content they are interacting with. This could lead to low-level impacts on confidentiality, integrity, and availability of the affected system (SOCRadar).

Google has addressed this vulnerability in Chrome version 136.0.7103.59 for iOS. Users are advised to update their Chrome browsers to this version or later to mitigate the risk. The fix was included as part of a broader security update that addressed multiple vulnerabilities (Chrome Release Notes).