Use after free in Translate in Google Chrome prior to 131.0.6778.139 allowed remote attacker to potentially exploit heap corruption via crafted HTML page (Chromium security severity: High)
CVE-2024-12382

8.8HIGH

Key Information:

Vendor
Google
Status
Chrome
Vendor
CVE Published:
12 December 2024

Badges

📰 News Worthy

Summary

A vulnerability exists in Google Chrome that allows for use after free conditions in the Translate feature. This flaw may enable an attacker to exploit heap corruption by crafting a specially designed HTML page, potentially compromising the security of systems running affected versions of the browser. Users are encouraged to update to the latest release to mitigate risks associated with this vulnerability.

Affected Version(s)

Chrome 131.0.6778.139

News Articles

favicon imageDataconomy

Update Chrome immediately: Two high-risk vulnerabilities revealed

Google has identified two high-severity vulnerabilities in its Chrome web browser, specifically CVE-2024-12381 and CVE-2024-12382, prompting an urgent call

1 month ago

favicon imageForbes

Update Chrome Now—Google Warns Of 2 New High-Risk Vulnerabilities

Two new high-severity Chrome browser security vulnerabilities have been confirmed by Google—ensure you update and activate the new protections now.

1 month ago

References

https://chromereleases.googleblog.com/2024/12/stable-chan...
https://issues.chromium.org/issues/379516109

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • 📰

    First article discovered by Forbes

  • Vulnerability Reserved

.