Uninitialized Use Vulnerability in Chrome on Android
CVE-2024-6990

8.8HIGH

Key Information:

Vendor
Google
Status
Chrome
Vendor
CVE Published:
1 August 2024

Badges

📰 News Worthy

Summary

The vulnerability identified as CVE-2024-6990 is a critical issue in Google Chrome on Android prior to version 127.0.6533.88. It involves an uninitialized use in the Dawn graphics abstraction layer, potentially allowing remote attackers to perform out-of-bounds memory access through a crafted HTML page. Google has released a security update addressing this and other vulnerabilities, with the most severe allowing attackers to execute arbitrary code on affected systems. The company has restricted access to detailed information about the bugs until most users have updated their browsers to prevent exploitation. Users are encouraged to update their browsers promptly to mitigate the risk.

Affected Version(s)

Chrome 127.0.6533.88

News Articles

favicon imageTimes of India

Google releases important security update for Chrome: Here’s how to update - Times of India

TECH NEWS : Google released a significant security update for its Chrome browser addressing two high severity vulnerabilities, including CVE-2024-6990, a memory i

5 months ago

favicon imageGBHackers on Security

Chrome Security Update: Patch for Critical Flaw that Leads to Exploitation

Chrome Security's latest update includes three significant security fixes, two of which are classified as high severity and one as critical.

5 months ago

References

https://chromereleases.googleblog.com/2024/07/stable-chan...
https://issues.chromium.org/issues/353034820

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • 📰

    First article discovered by GBHackers on Security

Collectors

NVD DatabaseMitre DatabaseGoogle Feed2 News Article(s)
.