Remote attacker can access out-of-bounds memory via crafted HTML page in Google Chrome prior to 128.0.6613.84
CVE-2024-7966

8.8HIGH

Key Information:

Vendor

Google
Status
Chrome
Vendor
CVE Published:
21 August 2024

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-7966?

A vulnerability exists in the Skia component of Google Chrome that enables out of bounds memory access. This weakness allows a remote attacker, who has compromised the renderer process, to exploit a crafted HTML page to access portions of memory that should not be reachable. Such vulnerabilities may lead to potential data leakage or arbitrary code execution under certain conditions. Users are urged to update to the latest version of the browser to mitigate the risk associated with this vulnerability. Further details can be found in the security update release notes and issue tracking.

Affected Version(s)

Chrome 128.0.6613.84

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Chrome-Skia-CVE-2024-7966
Created by HyHy100

References

https://chromereleases.googleblog.com/2024/08/stable-chan...
https://issues.chromium.org/issues/355465305

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

.
CVE-2024-7966 : Remote attacker can access out-of-bounds memory via crafted HTML page in Google Chrome prior to 128.0.6613.84