CVE-2024-5841

2024-06-1121:15:55

Google

osv.dev

google chrome

use after free

heap corruption

remote attacker

crafted html page

medium severity

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.0%

JSON

Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CPENameOperatorVersion
chromiumeq119.0.6045.199-1
chromiumeq100.0.4896.88-1~deb11u1
chromiumeq106.0.5249.119-1~deb11u1
chromiumeq87.0.4280.88-0.4~deb10u1
chromiumeq103.0.5060.114-1
chromiumeq122.0.6261.111-1~deb12u1
chromiumeq80.0.3987.122-2
chromiumeq101.0.4951.64-1~deb11u1
chromiumeq121.0.6167.160-1
chromiumeq88.0.4324.146-1~deb10u1

Name	Operator	Version
chromium	eq	119.0.6045.199-1
chromium	eq	100.0.4896.88-1~deb11u1
chromium	eq	106.0.5249.119-1~deb11u1
chromium	eq	87.0.4280.88-0.4~deb10u1
chromium	eq	103.0.5060.114-1
chromium	eq	122.0.6261.111-1~deb12u1
chromium	eq	80.0.3987.122-2
chromium	eq	101.0.4951.64-1~deb11u1
chromium	eq	121.0.6167.160-1
chromium	eq	88.0.4324.146-1~deb10u1