Inadequate Protection in Google Chrome's Views Component on Windows
CVE-2024-11114

8.3HIGH

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 12 November 2024

Summary

An inappropriate implementation in the Views module of Google Chrome for Windows has opened a potential avenue for a remote attacker to conduct a sandbox escape. This vulnerability arises when the renderer process is compromised, allowing malicious actors to exploit crafted HTML pages. Users running versions of Google Chrome prior to 131.0.6778.69 are particularly at risk. It is crucial for users to stay informed about these vulnerabilities and apply updates promptly to safeguard their systems.

References

https://chromereleases.googleblog.com/2024/11/stable-chan...

https://issues.chromium.org/issues/370856871

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 12, 2024

Collectors

NVD DatabaseGoogle Feed