Remote Code Execution Vulnerability in Google Chrome Prior to 123.0.6312.86

Summary

A remote code execution vulnerability, CVE-2024-2887, was discovered in Google Chrome prior to version 123.0.6312.86, which allowed a remote attacker to execute arbitrary code via a crafted HTML page. The update to Chrome version 123.0.6312.86/.87 addresses this vulnerability, along with several others, including two zero-day exploits showcased at the Pwn2Own 2024 hacking competition. The vulnerabilities include a use-after-free vulnerability in ANGLE, a cross-platform graphics engine abstraction layer, a high-severity use-after-free issue in Dawn, and two high-severity vulnerabilities involving WebCodecs and WebAssembly. These vulnerabilities revealed at Pwn2Own 2024 highlight the importance of timely updates to mitigate potential risks. Users are encouraged to update their browsers immediately to protect against these vulnerabilities.

News Articles

Greenbone

CVE-2024-2887

CVE-2024-2887 Archive - Greenbone

March 2024 was another eventful month for vulnerabilities and cybersecurity in general. It was the second consecutive month of lapsed Common Vulnerability Exposure (CVE) enrichment putting defenders in a...

7 months ago

SystemTek

CVE-2024-2887

Google Chrome WASM Improper Input Validation Remote Code Execution Vulnerability [CVE-2024-2887]

CVE number CVE-2024-2887 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chrome. User interaction is required to exploit this vulnerability in that...

7 months ago

app.soos.io

CVE-2024-2887

Security software, simplified.

SOOS • Don't get cocky with your app sec. Industry leading app sec, all in one dashboard.

8 months ago

More News...