CVE-2024-0811: 
vulnerability analysis and mitigation

CVE-2024-0811 is a security vulnerability discovered in Google Chrome's Extensions API prior to version 121.0.6167.85. The vulnerability was reported by Jann Horn of Google Project Zero on October 21, 2023, and was publicly disclosed on January 23, 2024. This vulnerability affects Google Chrome browser and its derivatives (Chrome Release).

The vulnerability is characterized as an inappropriate implementation in the Extensions API of Google Chrome. It has been assigned a Low severity rating by Chromium security team. The vulnerability received a CVSS v3.1 Base Score of 4.3 (Medium) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N (NVD).

When exploited, this vulnerability allows an attacker who has convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension (NVD).

The vulnerability has been fixed in Google Chrome version 121.0.6167.85. Users are advised to update their Chrome browsers to this version or later to protect against this vulnerability. The fix has also been incorporated into Fedora 38 and 39 through their respective security updates (Fedora Update).