Lucene search

K
cveChromeCVE-2024-2887
HistoryMar 26, 2024 - 9:15 p.m.

CVE-2024-2887

2024-03-2621:15:53
Chrome
web.nvd.nist.gov
61
27
type confusion
webassembly
google chrome
remote code execution
crafted html page

CVSS3

8.1

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

16.8%

Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Affected configurations

Vulners
Vulnrichment
Node
googlechromeRange<123.0.6312.86
VendorProductVersionCPE
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Google",
    "product": "Chrome",
    "versions": [
      {
        "version": "123.0.6312.86",
        "status": "affected",
        "lessThan": "123.0.6312.86",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

CVSS3

8.1

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

16.8%