Heap Corruption Vulnerability in Google Chrome on Android
CVE-2024-10826

8.8HIGH

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 6 November 2024

Summary

A use after free vulnerability exists in the Family Experiences component of Google Chrome for Android prior to version 130.0.6723.116. This vulnerability may enable a remote attacker to exploit heap corruption through a specially crafted HTML page. Attackers can leverage this flaw to compromise system integrity and potentially execute unauthorized actions. It is crucial for users to update their browser to the latest version to protect against this vulnerability.

References

https://chromereleases.googleblog.com/2024/11/stable-chan...

https://issues.chromium.org/issues/370217726

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 6, 2024

Collectors

NVD DatabaseGoogle Feed