CVE-2024-4949

Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVSS v3 9.6 CRITICAL

9.6^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html
https://issues.chromium.org/issues/326607001
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NTSN22LNYXMWHVTYNOYQVOY7VDZFHENQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSUWM73ZCXTN62AT2REYQDD5ZKPFMDZD/

Configurations

No configuration.

History

No history.

Information

Published : 2024-05-15 21:15

Updated : 2024-07-03 02:08

NVD link : CVE-2024-4949

Mitre link : CVE-2024-4949

CVE.ORG link : CVE-2024-4949

JSON object : View

Products Affected

No product.

CWE

CWE-416

Use After Free

9.6 /10