Heap Corruption in Chrome Prior to 130.0.6723.69
CVE-2024-10230
What is CVE-2024-10230?
CVE-2024-10230 is a vulnerability in Google Chrome prior to version 130.0.6723.69, specifically in the V8 JavaScript engine. It is a type confusion issue that leads to heap corruption, which means that an attacker could potentially manipulate how memory is managed within the browser. Exploitation could have severe consequences for organizations, including unauthorized access to sensitive data, disruption of services, or compromise of the security measures implemented within the browser environment.
Technical Details
The vulnerability arises from a type confusion issue in Google's V8 JavaScript engine, which is integral to Chrome. Type confusion of this kind can lead to heap corruption, where the browser's memory is mismanaged and the separation between different memory allocations breaks down. The condition could be triggered through a maliciously crafted HTML page, which gives an attacker a way to deliver content that exploits the vulnerability.
Potential impact of CVE-2024-10230
- Data Breaches: Unauthorized access to sensitive information is a significant concern, as attackers can exploit this vulnerability to gain illicit control over a user's session and extract confidential data.
- System Compromise: The exploitation of this vulnerability could allow attackers to execute arbitrary code within the browser, potentially leading to a full compromise of the affected device or environment.
- Service Disruption: Organizations may face interruptions in their operations if attackers leverage this vulnerability to crash or alter the behavior of the browser, resulting in reduced productivity and trust in the affected systems.

Affected Version(s)
Chrome 130.0.6723.69
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved