type confusion in Chrome prior to 131.0.6778.108
CVE-2024-12053

8.8HIGH

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 3 December 2024

Badges

📰 News Worthy

Summary

The vulnerability CVE-2024-12053 is a type confusion in the V8 Javascript engine of Google Chrome prior to version 131.0.6778.108, with a security severity of High. The nature of the vulnerability allows a remote attacker to potentially exploit object corruption via a crafted HTML page. Google has issued an emergency update for the Chrome browser on all platforms to address this vulnerability. Users are warned to update their browsers immediately to ensure protection. The update for Windows, Mac, and Linux is version 131.0.6778.108, and for Android, it is version 131.0.6778.104. It is recommended for users to ensure that the automatic security update is installed by going to the Help|About option in the Chrome menu and restarting the browser.

Affected Version(s)

Chrome 131.0.6778.108

News Articles

Forbes

CVE-2024-12053

New Google Chrome Security Warning—Update Now

A rare emergency update for the Google Chrome browser, across all platforms, has just dropped—users must update now.

2 months ago

References

https://chromereleases.googleblog.com/2024/12/stable-chan...

https://issues.chromium.org/issues/379009132

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

📰
First article discovered by Forbes
Dec 4, 2024
Vulnerability published
Dec 3, 2024

Key Information:

Badges

Summary

Affected Version(s)

Get notified when SecurityVulnerability.io launches alerting 🔔

News Articles

New Google Chrome Security Warning—Update Now

References

CVSS V3.1

Timeline