Remote attacker can access out-of-bounds memory via crafted HTML page in Google Chrome prior to 128.0.6613.84
CVE-2024-7966
Key Information:
Badges
What is CVE-2024-7966?
A vulnerability exists in the Skia component of Google Chrome that enables out of bounds memory access. This weakness allows a remote attacker, who has compromised the renderer process, to exploit a crafted HTML page to access portions of memory that should not be reachable. Such vulnerabilities may lead to potential data leakage or arbitrary code execution under certain conditions. Users are urged to update to the latest version of the browser to mitigate the risk associated with this vulnerability. Further details can be found in the security update release notes and issue tracking.
Affected Version(s)
Chrome 128.0.6613.84
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.