CVE-2024-11116Cross-site Scripting in Google Chrome

CWE-79Cross-site Scripting7 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 68.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google ChromeChromium
Timeline
PublishedNov 12

Description

Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

CVEListV5google/chrome131.0.6778.69131.0.6778.69
NVDgoogle/chrome< 131.0.6778.69
Debianchromium/chromium< 131.0.6778.85-1~deb12u1+2

🔴Vulnerability Details

3
CVEList
CVE-2024-11116: Inappropriate implementation in Blink in Google Chrome prior to 1312024-11-12
OSV
CVE-2024-11116: Inappropriate implementation in Blink in Google Chrome prior to 1312024-11-12
GHSA
GHSA-8g5x-cxhr-gr43: Inappropriate implementation in Blink in Google Chrome prior to 1312024-11-12

📋Vendor Advisories

3
Microsoft
Chromium: CVE-2024-11116 Inappropriate implementation in Paint2024-11-12
Chrome
Stable Channel Update for Desktop: CVE-2024-111152024-11-12
Debian
CVE-2024-11116: chromium - Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 al...2024
CVE-2024-11116 — Cross-site Scripting in Google Chrome | cvebase