Lucene search

K

[email protected]NVD:CVE-2024-4331

HistoryMay 01, 2024 - 1:15 p.m.

CVE-2024-4331

2024-05-0113:15:52

CWE-416

[email protected]

web.nvd.nist.gov

7

chrome

vulnerability

picture in picture

heap corruption

html page

remote attacker

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0

Percentile

10.3%

Use after free in Picture In Picture in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

References

chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html

issues.chromium.org/issues/335003891

lists.fedoraproject.org/archives/list/[email protected]/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/

lists.fedoraproject.org/archives/list/[email protected]/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/

lists.fedoraproject.org/archives/list/[email protected]/message/L7I4FMQSOVTCIIH4XT2MJGEQRUACLPB6/

lists.fedoraproject.org/archives/list/[email protected]/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/

lists.fedoraproject.org/archives/list/[email protected]/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0

Percentile

10.3%

Related for NVD:CVE-2024-4331

alpinelinux1 debiancve1 ubuntucve1 osv4 veracode1 cvelist1 cve1 vulnrichment1 cgr1 mscve1 wolfi1 nessus10 chrome1 openvas11 debian1 kaspersky2 fedora5 mageia1 freebsd2 redos1 rapid7blog1