Heap Corruption in Chrome Prior to 130.0.6723.69
CVE-2024-10230

8.8HIGH

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 22 October 2024

Summary

A type confusion vulnerability exists within the V8 JavaScript engine in Google Chrome before version 130.0.6723.69. This flaw can allow remote attackers to exploit heap corruption issues through specially crafted HTML pages. A successful exploit could lead to unpredictable behavior, including potential execution of arbitrary code, which poses significant risks to users who visit malicious websites.

Affected Version(s)

Chrome 130.0.6723.69

References

https://chromereleases.googleblog.com/2024/10/stable-chan...

https://issues.chromium.org/issues/371565065

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 22, 2024
Vulnerability Reserved
Oct 22, 2024

Collectors

NVD DatabaseMitre DatabaseGoogle Feed