PT-2024-8969 · Google+5 · Google Chrome+5

Ameen Basha M K

Published

2024-11-12

Updated

2025-03-19

CVE-2024-11117

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 131.0.6778.69 Microsoft Edge (affected versions not specified)

Description: The issue is related to an inappropriate implementation in the FileSystem component, allowing a remote attacker to bypass filesystem restrictions via a crafted HTML page. This can be exploited by a remote attacker to bypass standard security checks. The severity of this issue is classified as low.

Recommendations: For Google Chrome versions prior to 131.0.6778.69, update to version 131.0.6778.69 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Improperly Implemented Security Check for Standard

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-358

Related Identifiers

ALT-PU-2024-17740

ALT-PU-2025-4366

BDU:2024-10651

CVE-2024-11117

DSA-5817-1

OPENSUSE-SU-2024:0373-1

OPENSUSE-SU-2024:0374-1

OPENSUSE-SU-2024:14511-1

Affected Products

Alt Linux

Astra Linux

Debian

Google Chrome

Edge

Red Os

PT-2024-8969 · Google+5 · Google Chrome+5

CVE-2024-11117

Weakness Enumeration

Related Identifiers

Affected Products

References · 44