Heap Corruption Vulnerability in Google Chrome on Windows
CVE-2024-11112

8.8HIGH

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 12 November 2024

Summary

A vulnerability exists in Google Chrome's media handling that permits a remote attacker to exploit heap corruption issues. This occurs specifically in versions of Chrome for Windows prior to 131.0.6778.69. The vulnerability can be triggered via a specially crafted HTML page, potentially leading to unauthorized actions and compromised system integrity. Users are recommended to keep their browsers updated to the latest versions in order to mitigate any risks associated with such vulnerabilities.

References

https://chromereleases.googleblog.com/2024/11/stable-chan...

https://issues.chromium.org/issues/354824998

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2024

Collectors

NVD DatabaseGoogle Feed