CVE-2024-5839

2024-06-1121:15:54

Google

osv.dev

google chrome

memory allocator

remote exploitation

heap corruption

crafted html page

chromium

security severity

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.9%

JSON

Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CPENameOperatorVersion
chromiumeq119.0.6045.199-1
chromiumeq100.0.4896.88-1~deb11u1
chromiumeq106.0.5249.119-1~deb11u1
chromiumeq87.0.4280.88-0.4~deb10u1
chromiumeq103.0.5060.114-1
chromiumeq122.0.6261.111-1~deb12u1
chromiumeq80.0.3987.122-2
chromiumeq101.0.4951.64-1~deb11u1
chromiumeq121.0.6167.160-1
chromiumeq88.0.4324.146-1~deb10u1

Name	Operator	Version
chromium	eq	119.0.6045.199-1
chromium	eq	100.0.4896.88-1~deb11u1
chromium	eq	106.0.5249.119-1~deb11u1
chromium	eq	87.0.4280.88-0.4~deb10u1
chromium	eq	103.0.5060.114-1
chromium	eq	122.0.6261.111-1~deb12u1
chromium	eq	80.0.3987.122-2
chromium	eq	101.0.4951.64-1~deb11u1
chromium	eq	121.0.6167.160-1
chromium	eq	88.0.4324.146-1~deb10u1