Unrated severityNVD Advisory· Published Oct 15, 2024· Updated Nov 3, 2025

CVE-2024-9956

Description

Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

Affected products

osv-coords6 versions
pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP5 pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP6
< 130.0.6723.58-bp156.2.41.1+ 5 more
- (no CPE)range: < 130.0.6723.58-bp156.2.41.1
- (no CPE)range: < 130.0.6723.58-bp156.2.41.1
- (no CPE)range: < 130.0.6723.58-1.1
- (no CPE)range: < 136.0-1.1
- (no CPE)range: < 130.0.6723.58-bp156.2.41.1
- (no CPE)range: < 130.0.6723.58-bp156.2.41.1
Google/Chromev5
Range: 130.0.6723.58

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

Risky Business #783 -- Evil webcam ransomwares entire Windows network
Risky Business · Mar 12, 2025

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000