CVE-2024-9956: Inappropriate implementation in Web Authentication

First published: Mon Sep 30 2024(Updated: )

<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024%C2%A0">Google Chrome Releases</a> for more information.</p>

Credit: mastersplinter chrome-cve-admin@google.com Uri Katz (Oligo Security) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityGoogle Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple (HyeongSeok Jang) Trend Micro Zero Day InitiativeCVE-2025-24085 DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n an anonymous researcher pattern-f @pattern_F_ Michael (Biscuit) Thomas @social.lol) @biscuit Hichem Maloufi Hakim Boukhadra mastersplinter @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeKirin @Pwnrin an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityGoogle Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple (HyeongSeok Jang) Trend Micro Zero Day InitiativeCVE-2025-24085 DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n an anonymous researcher pattern-f @pattern_F_ Michael (Biscuit) Thomas @social.lol) @biscuit Hichem Maloufi Hakim Boukhadra mastersplinter @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeKirin @Pwnrin an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) Google Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple (HyeongSeok Jang) Trend Micro Zero Day InitiativeCVE-2025-24085 DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n an anonymous researcher pattern-f @pattern_F_ Michael (Biscuit) Thomas @social.lol) @biscuit Hichem Maloufi Hakim Boukhadra mastersplinter @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeKirin @Pwnrin an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) Hichem Maloufi Hakim Boukhadra mastersplinter @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeKirin @Pwnrin an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) an anonymous researcher pattern-f @pattern_F_ Michael (Biscuit) Thomas @social.lol) @biscuit Hichem Maloufi Hakim Boukhadra mastersplinter @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeKirin @Pwnrin an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) pattern-f @pattern_F_ Michael (Biscuit) Thomas @social.lol) @biscuit Hichem Maloufi Hakim Boukhadra mastersplinter @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeKirin @Pwnrin an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityGoogle Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple (HyeongSeok Jang) Trend Micro Zero Day InitiativeCVE-2025-24085 DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n an anonymous researcher pattern-f @pattern_F_ Michael (Biscuit) Thomas @social.lol) @biscuit Hichem Maloufi Hakim Boukhadra mastersplinter @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeKirin @Pwnrin an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) Michael (Biscuit) Thomas @social.lol) @biscuit Hichem Maloufi Hakim Boukhadra mastersplinter @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeKirin @Pwnrin an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple (HyeongSeok Jang) Trend Micro Zero Day InitiativeCVE-2025-24085 DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n an anonymous researcher pattern-f @pattern_F_ Michael (Biscuit) Thomas @social.lol) @biscuit Hichem Maloufi Hakim Boukhadra mastersplinter @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeKirin @Pwnrin an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n an anonymous researcher pattern-f @pattern_F_ Michael (Biscuit) Thomas @social.lol) @biscuit Hichem Maloufi Hakim Boukhadra mastersplinter @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeKirin @Pwnrin an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) Abhay Kailasia @abhay_kailasia CUri Katz (Oligo Security) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityGoogle Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple (HyeongSeok Jang) Trend Micro Zero Day InitiativeCVE-2025-24085 DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n an anonymous researcher pattern-f @pattern_F_ Michael (Biscuit) Thomas @social.lol) @biscuit Hichem Maloufi Hakim Boukhadra mastersplinter @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeKirin @Pwnrin an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityGoogle Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple (HyeongSeok Jang) Trend Micro Zero Day InitiativeCVE-2025-24085 DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n an anonymous researcher pattern-f @pattern_F_ Michael (Biscuit) Thomas @social.lol) @biscuit Hichem Maloufi Hakim Boukhadra mastersplinter @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeKirin @Pwnrin an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) Uri Katz (Oligo Security) Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityGoogle Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple (HyeongSeok Jang) Trend Micro Zero Day InitiativeCVE-2025-24085 DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n an anonymous researcher pattern-f @pattern_F_ Michael (Biscuit) Thomas @social.lol) @biscuit Hichem Maloufi Hakim Boukhadra mastersplinter @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeKirin @Pwnrin an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Uri Katz (Oligo Security) Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityGoogle Threat Analysis Group Google Threat Analysis Group Google Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple (HyeongSeok Jang) Trend Micro Zero Day InitiativeCVE-2025-24085 DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n an anonymous researcher pattern-f @pattern_F_ Michael (Biscuit) Thomas @social.lol) @biscuit Hichem Maloufi Hakim Boukhadra mastersplinter @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeKirin @Pwnrin an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) mastersplinter @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeKirin @Pwnrin an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) CVE-2025-24085 DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n an anonymous researcher pattern-f @pattern_F_ Michael (Biscuit) Thomas @social.lol) @biscuit Hichem Maloufi Hakim Boukhadra mastersplinter @RenwaX23 @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeKirin @Pwnrin an anonymous researcher an anonymous researcher Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar)

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/chrome-releases
• agent/software-canonical-lookup
• agent/title
• agent/first-publish-date
• agent/type
• agent/severity
• collector/msrc
• source/Microsoft
• collector/msrc-cve
• collector/mitre-cve
• source/MITRE
• agent/trending
• collector/nvd-api
• source/NVD
• agent/software-canonical-lookup-request
• agent/event
• collector/epss-latest
• source/FIRST
• agent/epss
• collector/apple-support
• source/Apple
• alias/CVE-2025-24129
• alias/CVE-2025-24131
• alias/CVE-2025-24177
• alias/CVE-2025-24137
• alias/CVE-2025-24127
• alias/CVE-2025-24160
• alias/CVE-2025-24161
• alias/CVE-2025-24163
• alias/CVE-2025-24123
• alias/CVE-2025-24124
• alias/CVE-2025-24085
• alias/CVE-2025-24086
• alias/CVE-2025-24107
• alias/CVE-2025-24159
• alias/CVE-2025-24117
• alias/CVE-2025-24104
• alias/CVE-2024-9956
• alias/CVE-2025-24128
• alias/CVE-2025-24113
• alias/CVE-2025-24149
• alias/CVE-2025-24145
• alias/CVE-2025-24154
• alias/CVE-2025-24143
• alias/CVE-2025-24158
• alias/CVE-2025-24162
• alias/CVE-2025-24150
• alias/CVE-2025-24126
• agent/references
• agent/last-modified-date
• agent/weakness
• agent/source
• agent/author
• agent/softwarecombine
• agent/tags
• agent/description
• vendor/google
• canonical/google chrome
• vendor/microsoft
• canonical/microsoft edge (chromium-based)
• canonical/google android
• canonical/microsoft edge
• vendor/apple
• canonical/apple ios
• canonical/apple ipados