CVERadar

CVE-2024-11113

Medium Severity
Google
SVRS: 30/100
CVSSv3: 8.8/10
EPSS: 0.00274/1

CVE-2024-11113 is a use-after-free vulnerability in Google Chrome that could allow remote attackers to execute arbitrary code. The flaw is in the Accessibility component of Google Chrome versions prior to 131.0.6778.69. An attacker who has compromised the renderer process could potentially exploit heap corruption through a crafted HTML page.

Although the CVSS score is 8.8, indicating high severity, the SOCRadar Vulnerability Risk Score (SVRS) is 30, which suggests it is not a critical vulnerability requiring immediate action despite the "In The Wild" tag. This discrepancy indicates that while the vulnerability is theoretically severe, real-world exploitation might be less likely. Successful exploitation could lead to arbitrary code execution and potentially complete control of the affected system. While the Chromium security severity is rated as Medium, organizations should still patch to mitigate the risk of potential heap corruption.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2024-11-12

2025-01-02

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-11113 | Google Chrome up to 130.0.6723.116 Accessibility use after free (Nessus ID 211402)
vuldb.com, 2025-02-27
A vulnerability, which was classified as critical, was found in Google Chrome. This affects an unknown part of the component Accessibility. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2024-11113. It is possible to initiate the attack remotely. There is no exploit

Stable Channel Update for Desktop
Prudhvikumar Bommana, blogger.com, 2024-12-02
The Chrome team is delighted to announce the promotion of Chrome 131 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.

Chrome 131 Released With Fix for 12 Security Vulnerabilities
Tushar Subhra Dutta, cybersecuritynews.com, 2024-11-13
Google has released Chrome 131 to the stable channel for Windows, Mac, and Linux, addressing 12 security vulnerabilities, including several high and medium-severity flaws. This update, which will roll out over the coming days and weeks, brings important security fixes and improvements to the popular web browser. The Chrome team highlighted several vulnerabilities that were […] The post Chrome 131 Released With Fix for 12 Security Vulnerabilities appeared first

Social Media

There is a new vulnerability with elevated criticality in Google Chrome (CVE-2024-11113) https://t.co/yc3xafJtLO

Affected Software

Configuration 1
Type | Vendor | Product
App | Google | chrome

References

Reference | Link
[email protected] | https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html
[email protected] | https://issues.chromium.org/issues/360274917

CWE Details

CWE ID | CWE Name | Description
CWE-416 | Use After Free | Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
