Remote Code Execution Vulnerability in Google Chrome Prior to 126.0.6478.114
CVE-2024-6100

8.8HIGH

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 20 June 2024

Badges

📰 News Worthy

What is CVE-2024-6100?

A vulnerability in the V8 JavaScript engine within Google Chrome has been identified, which can be exploited through crafted HTML content. This type confusion flaw enables a remote attacker to execute arbitrary code, potentially compromising the affected system. Security updates have been released addressing this issue, emphasizing the importance of keeping browser software up to date to mitigate risks associated with such vulnerabilities. Users and organizations are advised to review their current Chrome versions and apply necessary updates to protect against potential exploitation.

Affected Version(s)

Chrome 126.0.6478.114

News Articles

WinCert

CVE-2024-6100

Google Chrome 126.0.6478.127 Dual x86x64 Silent

(Adobe Stock) Google has issued a Chrome 126 security update, addressing six vulnerabilities, including a flaw, tracked as CVE-2024-6100 which was demonstrated during the SSD Secure Disclosure’s TyphoonPWN 2024. TyphoonPWN is a live hacking competition held annually at TyphoonCon, an Offensive Se...

References

https://chromereleases.googleblog.com/2024/06/stable-chan...

https://issues.chromium.org/issues/344608204

https://lists.fedoraproject.org/archives/list/package-ann...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by WinCert
Jun 26, 2024
Vulnerability published
Jun 20, 2024