CVE-2024-11395
https://notcve.org/view.php?id=CVE-2024-11395
Type Confusion in V8 in Google Chrome prior to 131.0.6778.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_19.html https://issues.chromium.org/issues/377384894 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2024-11117
https://notcve.org/view.php?id=CVE-2024-11117
Inappropriate implementation in FileSystem in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Low) • https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html https://issues.chromium.org/issues/40062534 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-11116
https://notcve.org/view.php?id=CVE-2024-11116
Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html https://issues.chromium.org/issues/40942531 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-11115
https://notcve.org/view.php?id=CVE-2024-11115
Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed a remote attacker to perform privilege escalation via a series of UI gestures. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html https://issues.chromium.org/issues/371929521 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-11114
https://notcve.org/view.php?id=CVE-2024-11114
Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html https://issues.chromium.org/issues/370856871 •