CVE-2024-0809: 
vulnerability analysis and mitigation

CVE-2024-0809 is a security vulnerability discovered in Google Chrome's Autofill feature affecting versions prior to 121.0.6167.85. The vulnerability was disclosed on January 23, 2024, and was reported by Ahmed ElMasry. It involves an inappropriate implementation in the Autofill functionality that could allow a remote attacker to bypass Autofill restrictions through a crafted HTML page (Chrome Release, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. This indicates that the vulnerability can be exploited remotely, requires low attack complexity, needs no privileges, but does require user interaction. The scope is unchanged, with no impact on confidentiality, low impact on integrity, and no impact on availability (NVD).

The vulnerability allows a remote attacker to bypass Autofill restrictions when a user interacts with a specially crafted HTML page. Google has classified this vulnerability as having 'Low' security severity, indicating limited potential impact on the system's security (Chrome Release).

The vulnerability has been patched in Google Chrome version 121.0.6167.85. Users are advised to update their Chrome browser to this version or later to mitigate the risk. The update has been released for Windows, Mac, and Linux platforms (Chrome Release).