Remote Code Execution Vulnerability in Google Chrome Extensions
CVE-2024-11110

6.5MEDIUM

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 12 November 2024

Summary

A vulnerability exists in Google Chrome where an inappropriate implementation in the Extensions component enables remote attackers to bypass site isolation by utilizing a crafted Chrome Extension. This flaw may expose sensitive user data or allow malicious actions to be executed without the user's consent. Users are advised to update to the latest version of Google Chrome to prevent potential exploitation.

References

https://chromereleases.googleblog.com/2024/11/stable-chan...

https://issues.chromium.org/issues/373263969

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2024

Collectors

NVD DatabaseGoogle Feed