Lucene search

K
osvGoogleOSV:CVE-2024-4671
HistoryMay 14, 2024 - 3:44 p.m.

CVE-2024-4671

2024-05-1415:44:15
Google
osv.dev
5
google chrome
visuals
use after free
remote attacker
sandbox escape
html page
cve-2024-4671
software

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

42.0%

Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

42.0%