Insufficient Policy Enforcement in Google Chrome on iOS
CVE-2024-11115

8.8HIGH

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 12 November 2024

Summary

A vulnerability has been identified in Google Chrome for iOS, stemming from insufficient policy enforcement during navigation activities. This flaw can be exploited by remote attackers to escalate privileges through a sequence of user interface gestures. The exploit takes advantage of weaknesses in the browser's handling of navigation controls, potentially allowing unauthorized access to sensitive functionality and data. Users are urged to update their browser to the latest version to mitigate risks associated with this vulnerability.

References

https://chromereleases.googleblog.com/2024/11/stable-chan...

https://issues.chromium.org/issues/371929521

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2024

Collectors

NVD DatabaseGoogle Feed