CVE-2024-1675: 
vulnerability analysis and mitigation

CVE-2024-1675 is a security vulnerability discovered in Google Chrome's Download functionality prior to version 122.0.6261.57. The vulnerability allows a remote attacker to bypass filesystem restrictions through a crafted HTML page. This security issue was reported by Bartłomiej Wacko on December 21, 2023, and was assigned a Medium severity rating by the Chromium security team (Chrome Release).

The vulnerability has been classified with a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The issue stems from insufficient policy enforcement in the Download component of Google Chrome, which could potentially allow attackers to circumvent established filesystem restrictions (NVD).

The vulnerability could allow remote attackers to bypass filesystem restrictions when a user interacts with a specially crafted HTML page. This could potentially lead to unauthorized access to files or directories that should be restricted (NVD).

Google has addressed this vulnerability in Chrome version 122.0.6261.57. Users are advised to update their Chrome browsers to this version or later. The fix has also been incorporated into various Linux distributions, including Fedora 38 and 39 (Fedora Update).