CVE-2024-0811 in Chrome

Summary

by MITRE • 01/24/2024

Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)


Analysis

by VulDB Data Team • 06/16/2025

The vulnerability identified as CVE-2024-0811 represents a significant security flaw within the Extensions API of Google Chrome browsers prior to version 121.0.6167.85. This issue stems from an inappropriate implementation that creates a pathway for malicious actors to exploit the extension ecosystem and access sensitive cross-origin data. The vulnerability specifically targets the Chrome Extension architecture, which serves as a critical component for extending browser functionality while maintaining security boundaries between different origins. The flaw allows for unauthorized data leakage when a user installs a malicious extension, leveraging the trust model inherent in the browser extension system.

The technical implementation flaw resides in how Chrome handles cross-origin data access within the Extensions API context. When a malicious extension is installed and executed, it can potentially bypass normal security restrictions that should prevent one origin from accessing data belonging to another origin. This misimplementation creates an attack vector where an extension can craft specific requests or operations that inadvertently expose cross-origin resources to unauthorized parties. The vulnerability manifests through the extension's ability to manipulate the browser's security model, particularly in how it manages permissions and data isolation between different web origins.

The operational impact of this vulnerability extends beyond simple data leakage, as it represents a fundamental breakdown in Chrome's security architecture for managing third-party extensions. Attackers can leverage this flaw to conduct cross-site data exfiltration attacks, potentially accessing sensitive information from multiple origins simultaneously. The attack requires social engineering to convince users to install a malicious extension, but once installed, the vulnerability operates automatically without further user interaction. This makes it particularly dangerous in environments where users may be targeted through phishing campaigns or other social engineering tactics. The low severity classification according to Chromium security guidelines does not diminish the potential impact on user privacy and data security.

Mitigation strategies for CVE-2024-0811 should focus on immediate browser updates to version 121.0.6167.85 or later, which contains the necessary patches to address the inappropriate implementation in the Extensions API. Organizations should implement strict extension management policies, including regular audits of installed extensions and limiting extension installation privileges to trusted administrators only. Users should be educated about the risks of installing extensions from untrusted sources and should verify extension permissions before installation. Security monitoring should include detection of suspicious extension behavior patterns that might indicate exploitation attempts.

This vulnerability aligns with CWE-284 Access Control Issues, specifically related to insufficient access control mechanisms within browser extension APIs. The attack pattern corresponds to techniques described in the ATT&CK framework under T1176 Browser Extensions and T1059 Command and Scripting Interpreter, as it leverages browser extension mechanisms to execute malicious code and access unauthorized data.
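An added example (not VulDB's or Google's code) of the update check and extension audit recommended above: it compares a reported Chrome version with the fixed release 121.0.6167.85 and lists extensions whose manifests request access to every origin. The broad-pattern list and the sample manifests are assumptions made for this audit; they are a review heuristic, not a signature for this CVE.

```python
import json

FIXED = (121, 0, 6167, 85)  # first fixed Chrome version, as stated in the advisory
# Assumption: match patterns treated as "every origin" for review purposes.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def parse_version(text):
    """Parse 'Google Chrome 120.0.6099.224' or a bare '120.0.6099.224'."""
    token = text.strip().split()[-1]
    parts = tuple(int(p) for p in token.split("."))
    if len(parts) != 4:
        raise ValueError(f"unexpected Chrome version: {text!r}")
    return parts

def is_affected(version_text):
    """True when the version is older than the fixed release."""
    return parse_version(version_text) < FIXED

def broad_host_patterns(manifest):
    """Return the match patterns in a manifest that cover every origin."""
    patterns = []
    # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    for key in ("permissions", "host_permissions", "optional_host_permissions"):
        patterns += [p for p in manifest.get(key, []) if isinstance(p, str)]
    for script in manifest.get("content_scripts", []):
        patterns += script.get("matches", [])
    return sorted(set(patterns) & BROAD)

def audit(version_text, manifests):
    """manifests maps an extension id to its manifest.json text."""
    flagged = {}
    for ext_id, raw in manifests.items():
        hits = broad_host_patterns(json.loads(raw))
        if hits:
            flagged[ext_id] = hits
    return {"browser_affected": is_affected(version_text), "review": flagged}

# Constructed sample input: extension ids and manifests are made up.
SAMPLE = {
    "ext-notes": '{"manifest_version": 3, "name": "Notes", "permissions": ["storage"],'
                 ' "host_permissions": ["https://notes.example/*"]}',
    "ext-helper": '{"manifest_version": 3, "name": "Helper", "permissions": ["tabs"],'
                  ' "host_permissions": ["<all_urls>"],'
                  ' "content_scripts": [{"matches": ["*://*/*"], "js": ["c.js"]}]}',
    "ext-legacy": '{"manifest_version": 2, "name": "Legacy",'
                  ' "permissions": ["cookies", "https://*/*"]}',
}

if __name__ == "__main__":
    print(json.dumps(audit("Google Chrome 120.0.6099.224", SAMPLE), indent=2))
```

Extensions listed under `review` are candidates for a manual permission check; an extension absent from the list can still be unwanted for other reasons.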

Reservation: 01/23/2024

Disclosure: 01/24/2024

Moderation: accepted

CPE: ready

EPSS: 0.00579

KEV: no

Activities: very low
