CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11112
https://notcve.org/view.php?id=CVE-2024-11112
Use after free in Media in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html https://issues.chromium.org/issues/354824998 • CWE-416: Use After Free •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11111
https://notcve.org/view.php?id=CVE-2024-11111
Inappropriate implementation in Autofill in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html https://issues.chromium.org/issues/360520331 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11110
https://notcve.org/view.php?id=CVE-2024-11110
Inappropriate implementation in Extensions in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High) • https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html https://issues.chromium.org/issues/373263969 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •