Heap Corruption Vulnerability in Google Chrome Prior to 124.0.6367.78
CVE-2024-4058

8.8HIGH

Key Information:

Vendor
Google
Status
Chrome
Vendor
CVE Published:
1 May 2024

Badges

๐Ÿ“ˆ Score: 102๐Ÿ‘พ Exploit Exists๐Ÿ“ฐ News Worthy

What is CVE-2024-4058?

CVE-2024-4058 is a critical vulnerability found in Google Chrome prior to version 124.0.6367.78. This vulnerability involves heap corruption due to type confusion within the ANGLE component of the browser. Such a flaw can be exploited by remote attackers through specially crafted HTML pages, potentially compromising the integrity and confidentiality of user data. As Google Chrome is widely used for accessing the internet, this vulnerability poses a significant risk to organizations, particularly those relying on Chrome for secure transactions and communications.

Technical Details

The vulnerability arises from a type confusion error in the ANGLE (Almost Native Graphics Layer Engine) implementation within Google Chrome. This programming error can lead to heap corruption, which allows attackers to manipulate the memory allocated for certain operations. By crafting malicious HTML content, an attacker might exploit this flaw to execute arbitrary code, potentially leading to unauthorized actions on the browser, including data theft or malicious site redirection.

Potential Impact of CVE-2024-4058

  1. Remote Code Execution: Attackers exploiting this vulnerability could execute arbitrary code on the affected system, leading to compromises that range from data theft to complete system control.

  2. Data Breaches: The ability for remote attackers to potentially access sensitive user information may result in significant data breaches, impacting individual users and organizations alike.

  3. Disruption of Services: Successful exploitation may disrupt services and operations reliant on Chrome, affecting productivity and user trust, particularly if the attacks are widespread or lead to noticeable service outages.

Affected Version(s)

Chrome 124.0.6367.78

News Articles

favicon imageHackread

Google Patches Critical Chrome Vulnerability and Additional Flaws

A critical vulnerability (CVE-2024-4058) has been patched in the latest update (version 124). This flaw could allow attackers to take control of your system.

favicon imageSecurity Affairs

Google fixed critical Chrome vulnerability CVE-2024-4058

Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics layer engine.

favicon imageOODA Loop - Intelligence

Google Patches Critical Chrome Vulnerability

Google has released Chrome 124, addressing four vulnerabilities, including a critical security flaw identified as CVE-2024-4058, involving a type confusion bug in the ANGLE graphics layer engine. This critical vulnerability could potentially allow remote attackers to execute arbitrary code or escape...

References

https://chromereleases.googleblog.com/2024/04/stable-chan...
https://issues.chromium.org/issues/332546345
https://lists.fedoraproject.org/archives/list/package-ann...

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • ๐Ÿ‘พ

    Exploit known to exist

  • ๐Ÿ“ฐ

    First article discovered by SecurityWeek

  • Vulnerability Reserved

.