Heap Corruption Vulnerability in ANGLE Could Lead to Remote Code Execution
CVE-2024-0222

8.8HIGH

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 4 January 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

A vulnerability exists within the ANGLE component of Google Chrome, which could be exploited through a use after free condition. This flaw enables a remote attacker to potentially corrupt the heap via a specially crafted HTML page, particularly affecting versions of Google Chrome prior to 120.0.6099.199. Attackers who manage to compromise the renderer process may exploit this vulnerability, leading to potential impacts on system integrity and security.

Affected Version(s)

Chrome 120.0.6099.199

News Articles

GBHackers

CVE-2024-0222 CVE-2024-0223

Google Chrome Use After Free Flaw Let Attacker Hijack Browser

The latest stable channel update for Google Chrome, version 120.0.6099.199 for Mac and Linux and 120.0.6099.199/200 for Windows.

5 months ago

References

https://chromereleases.googleblog.com/2024/01/stable-chan...

https://crbug.com/1501798

https://lists.fedoraproject.org/archives/list/package-ann...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Sep 2, 2024
📰
First article discovered by GBHackers
Sep 2, 2024
Vulnerability published
Jan 4, 2024
Vulnerability Reserved
Jan 3, 2024

Key Information:

Badges

Summary

Affected Version(s)

Get notified when SecurityVulnerability.io launches alerting 🔔

News Articles

Google Chrome Use After Free Flaw Let Attacker Hijack Browser

References

CVSS V3.1

Timeline