Lucene search

GoogleOSV:CVE-2024-1284

HistoryFeb 07, 2024 - 12:15 a.m.

CVE-2024-1284

2024-02-0700:15:56

Google

osv.dev

mojo

google chrome

cve-2024-1284

heap corruption

html page

chromium security

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

36.3%

JSON

Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

References

chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop.html

issues.chromium.org/issues/41494539

lists.fedoraproject.org/archives/list/[email protected]/message/KN32XXNHIR6KBS4BYQTZV2JQFN4D6ZSE/

lists.fedoraproject.org/archives/list/[email protected]/message/WSCIL2WH2L4R4KWSRCTDWBPAMOJIYBJE/

security-tracker.debian.org/tracker/CVE-2024-1284

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

36.3%

JSON

Related for OSV:CVE-2024-1284