Out of Bounds Write in Chrome Prior to 130.0.6723.92 Allowed Remote Attacker to Access Memory
CVE-2024-10487

8.8HIGH

Key Information:

Vendor: Google
Status: Vendor
CVE Published: 29 October 2024

Badges

📈 Score: 303 | 💰 Ransomware | 👾 Exploit Exists | 📰 News Worthy

What is CVE-2024-10487?

CVE-2024-10487 is a critical vulnerability identified in Google Chrome prior to version 130.0.6723.92. This issue involves an out-of-bounds write in the Dawn rendering engine, which can be exploited by remote attackers through specially crafted HTML pages. The security flaw poses significant risks to organizations as it can allow malicious actors to access memory, potentially compromising sensitive data and systems. Given the widespread use of Google Chrome, the impact of this vulnerability could be extensive, affecting numerous users and enterprises that rely on the browser for everyday operations.

Technical Details

The vulnerability stems from an out-of-bounds write condition within the Dawn component of Google Chrome. Attackers can leverage this flaw to execute arbitrary code or manipulate the memory of the affected system. The issue carries a critical severity rating and is tracked as a Chromium security issue. Users running versions earlier than 130.0.6723.92 are at elevated risk, especially if they encounter malicious web content designed to exploit this vulnerability.

Potential Impact of CVE-2024-10487

  1. Unauthorized Memory Access: Exploitation of this vulnerability can lead to unauthorized memory access, enabling attackers to manipulate or leak sensitive information stored in the system's memory.

  2. Remote Code Execution: An attacker could execute arbitrary code on a victim's device by tricking them into viewing a specially crafted webpage, potentially leading to complete compromise of the affected system.

  3. Data Breaches and System Compromise: Given its capability to access sensitive data, organizations may face significant data breach risks, resulting in financial loss, reputational damage, and compliance issues, particularly if sensitive information is exposed or exploited.

Affected Version(s)

Chrome 130.0.6723.92

News Articles

Critical Chrome Security Update: Patch for Out-of-Bounds & WebRTC Vulnerability

Google has rolled out a critical security update for its Chrome browser, addressing significant vulnerabilities that attackers could exploit.

3 months ago

Google Patches Critical Chrome Vulnerability Reported by Apple

Google has patched CVE-2024-10487, a critical Chrome vulnerability, and Mozilla has patched high-severity flaws in Firefox.

3 months ago

References

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • 💰 Used in Ransomware

  • 👾 Exploit known to exist

  • 📰 First article discovered by SecurityWeek

  • Vulnerability published