Heap Corruption Vulnerability in Google Chrome Prior to 123.0.6312.86
CVE-2024-2885

8.8HIGH

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 26 March 2024

Badges

📰 News Worthy

Summary

A vulnerability exists in the Dawn component of Google Chrome that stems from a use after free condition. This flaw can be exploited by a remote attacker to corrupt the heap by providing a specially crafted HTML page. The issue affects versions of Google Chrome prior to 123.0.6312.86, making it critical for users to update to maintain security and protect against potential heap corruption attacks.

Affected Version(s)

Chrome 123.0.6312.86

News Articles

CVE-2024-2883 CVE-2024-2885

Fedora 39: chromium 2024-0bb0e8f2a0 | LinuxSecurity.com

Fedora Update Notification FEDORA-2024-0bb0e8f2a0 2024-03-29 01:07:30.704833 Name: chromium Product:

9 months ago

thmubnail image

CVE-2024-2883 CVE-2024-2885

Fedora 39: chromium 2024-0bb0e8f2a0 | LinuxSecurity.com

Fedora Update Notification FEDORA-2024-0bb0e8f2a0 2024-03-29 01:07:30.704833 Name: chromium Product:

9 months ago

thmubnail image

CVE-2024-2883 CVE-2024-2885

Fedora 38: chromium 2024-b4dab205d7 | LinuxSecurity.com

Fedora Update Notification FEDORA-2024-b4dab205d7 2024-03-29 02:39:36.209178 Name: chromium Product:

9 months ago

thmubnail image

References

https://chromereleases.googleblog.com/2024/03/stable-chan...

https://issues.chromium.org/issues/328958020

https://lists.fedoraproject.org/archives/list/package-ann...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

📰
First article discovered by Hackhunting
Mar 28, 2024
Vulnerability published
Mar 26, 2024
Vulnerability Reserved
Mar 26, 2024

Collectors

NVD DatabaseMitre DatabaseGoogle Feed5 News Article(s)

.