CVE-2024-4671

2024-05-1415:44:15

Google

osv.dev

google chrome

visuals

use after free

remote attacker

sandbox escape

html page

cve-2024-4671

software

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.2%

JSON

Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CPENameOperatorVersion
chromiumeq120.0.6099.71-1~deb12u1
chromiumeq81.0.4044.62-1
chromiumeq122.0.6261.94-1
chromiumeq75.0.3770.90-1
chromiumeq89.0.4389.114-1
chromiumeq114.0.5735.198-1~deb12u1
chromiumeq100.0.4896.75-1
chromiumeq118.0.5993.117-1~deb11u1
chromiumeq120.0.6099.129-1
chromiumeq116.0.5845.96-1

Name	Operator	Version
chromium	eq	120.0.6099.71-1~deb12u1
chromium	eq	81.0.4044.62-1
chromium	eq	122.0.6261.94-1
chromium	eq	75.0.3770.90-1
chromium	eq	89.0.4389.114-1
chromium	eq	114.0.5735.198-1~deb12u1
chromium	eq	100.0.4896.75-1
chromium	eq	118.0.5993.117-1~deb11u1
chromium	eq	120.0.6099.129-1
chromium	eq	116.0.5845.96-1