CVE-2024-8034: 
vulnerability analysis and mitigation

A vulnerability identified as CVE-2024-8034 was discovered in Google Chrome's Custom Tabs feature on Android devices. The issue affects versions prior to 128.0.6613.84 and was disclosed on August 21, 2024. The vulnerability allows remote attackers to perform UI spoofing through crafted HTML pages (Chrome Release, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (Medium), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. This indicates that the vulnerability can be exploited remotely, requires low attack complexity, needs no privileges, but does require user interaction. The scope is unchanged, with no impact on confidentiality, low impact on integrity, and no impact on availability (NVD).

The vulnerability's primary impact is the potential for UI spoofing attacks through crafted HTML pages, which could lead to user interface deception in the Custom Tabs feature of Google Chrome on Android devices. The security severity has been rated as Low by the Chromium team (Chrome Release).

Google has addressed this vulnerability in Chrome version 128.0.6613.84 for Android. Users are advised to update their Chrome browsers to this version or later to mitigate the risk (Chrome Release).