PT-2024-8966 · Google+5 · Google Chrome+5

Narendra Bhati · Published 2024-11-12 · Updated 2025-03-19 · CVE-2024-11111

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 131.0.6778.69; Microsoft Edge (affected versions not specified)
Description: The issue is related to an inappropriate implementation in the Autofill feature, which can allow a remote attacker to perform UI spoofing via a crafted HTML page. This can happen if the attacker convinces a user to engage in specific UI gestures. The vulnerability is associated with errors in presenting information to the user interface.
Recommendations: For Google Chrome versions prior to 131.0.6778.69, update to version 131.0.6778.69 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the Autofill feature until a patch is available. Restrict access to potentially vulnerable modules to minimize the risk of exploitation. Avoid using the Autofill feature in affected API endpoints until the issue is resolved.

Exploit

UI Misrepresentation of Critical Information

XSS

Weakness Enumeration

Related Identifiers

ALT-PU-2024-17740
ALT-PU-2025-4366
BDU:2024-10648
CVE-2024-11111
DSA-5817-1
OPENSUSE-SU-2024:0373-1
OPENSUSE-SU-2024:0374-1
OPENSUSE-SU-2024:14511-1

Affected Products

Alt Linux
Astra Linux
Debian
Google Chrome
Edge
Red Os