Use after free in Translate in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-12382

8.8 HIGH

Key Information:

Vendor: Google
Status: Vendor
CVE Published: 12 December 2024

What is CVE-2024-12382?

CVE-2024-12382 is a high-severity vulnerability in the Translate feature of Google Chrome. The flaw is a use-after-free condition that a remote attacker can potentially use to exploit heap corruption through a crafted HTML page. Exploitation requires the user to open such a page, and a successful attack threatens the confidentiality, integrity and availability of the affected system.

Technical Details

The vulnerability arises from a use-after-free issue in Chromium, the open-source foundation of Google Chrome: memory is referenced after it has been freed, which can lead to heap corruption. Versions prior to 131.0.6778.139 are affected. When a user visits a crafted HTML page, an attacker can leverage the flaw to manipulate memory, possibly executing arbitrary code in the context of the browser. The flaw underscores the importance of careful memory management, particularly in widely used applications such as web browsers.

Potential Impact of CVE-2024-12382

  1. Remote Code Execution: Exploiting this vulnerability could allow attackers to execute arbitrary code on the user's machine, potentially leading to full system compromise.

  2. Data Theft: Compromised systems may expose sensitive user data, leading to unauthorized access to personal information or corporate data.

  3. Disruption of Services: Attackers may use this vulnerability to disrupt browser functionality, which can hinder productivity and user experience for organizations reliant on web-based applications.

Affected Version(s)

Chrome prior to 131.0.6778.139

News Articles

Update Chrome immediately: Two high-risk vulnerabilities revealed

Google has identified two high-severity vulnerabilities in its Chrome web browser, specifically CVE-2024-12381 and CVE-2024-12382, prompting an urgent call

Update Chrome Now—Google Warns Of 2 New High-Risk Vulnerabilities

Two new high-severity Chrome browser security vulnerabilities have been confirmed by Google—ensure you update and activate the new protections now.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • First article discovered by Forbes

  • Vulnerability Reserved