Heap Corruption Vulnerability in ANGLE Could Lead to Remote Code Execution

CVE-2024-0222

8.8HIGH

Key Information

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 4 January 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Affected Version(s)

Chrome < 120.0.6099.199

News Articles

GBHackers

CVE-2024-0222 CVE-2024-0223

Google Chrome Use After Free Flaw Let Attacker Hijack Browser

The latest stable channel update for Google Chrome, version 120.0.6099.199 for Mac and Linux and 120.0.6099.199/200 for Windows.

4 months ago

Refferences

https://chromereleases.googleblog.com/2024/01/stable-chan...

https://crbug.com/1501798

https://lists.fedoraproject.org/archives/list/package-ann...

https://security.gentoo.org/glsa/202401-34

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Sep 2, 2024
First article discovered by GBHackers
Sep 2, 2024
Vulnerability published
Jan 4, 2024
Vulnerability Reserved
Jan 3, 2024

Collectors

NVD DatabaseMitre DatabaseGoogle Feed1 News Article(s)