Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:OPENSUSE-SU-2024:0258-2
HistoryAug 23, 2024 - 9:15 a.m.

Security update for chromium

2024-08-2309:15:52
Google
osv.dev

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

JSON

This update for chromium fixes the following issues:

  • Chromium 128.0.6613.84 (boo#1229591)
    • CVE-2024-7964: Use after free in Passwords
    • CVE-2024-7965: Inappropriate implementation in V8
    • CVE-2024-7966: Out of bounds memory access in Skia
    • CVE-2024-7967: Heap buffer overflow in Fonts
    • CVE-2024-7968: Use after free in Autofill
    • CVE-2024-7969: Type Confusion in V8
    • CVE-2024-7971: Type confusion in V8
    • CVE-2024-7972: Inappropriate implementation in V8
    • CVE-2024-7973: Heap buffer overflow in PDFium
    • CVE-2024-7974: Insufficient data validation in V8 API
    • CVE-2024-7975: Inappropriate implementation in Permissions
    • CVE-2024-7976: Inappropriate implementation in FedCM
    • CVE-2024-7977: Insufficient data validation in Installer
    • CVE-2024-7978: Insufficient policy enforcement in Data Transfer
    • CVE-2024-7979: Insufficient data validation in Installer
    • CVE-2024-7980: Insufficient data validation in Installer
    • CVE-2024-7981: Inappropriate implementation in Views
    • CVE-2024-8033: Inappropriate implementation in WebApp Installs
    • CVE-2024-8034: Inappropriate implementation in Custom Tabs
    • CVE-2024-8035: Inappropriate implementation in Extensions
    • Various fixes from internal audits, fuzzing and other initiatives

References

Related

nessus 7
chrome 2
openvas 5
osv 21
freebsd 1
kaspersky 4
redos 1
cve 18
wolfi 19
cvelist 16
nvd 19
mscve 17
attackerkb 2
vulnrichment 18
debiancve 18
cisa_kev 2
malwarebytes 1
talosblog 1
ubuntucve 13
alpinelinux 10
redhatcve 2
githubexploit 1
schneier 1
nessus
nessus
Google Chrome < 128.0.6613.84 Multiple Vulnerabilities
2024-08-21 00:00:00
Google Chrome < 128.0.6613.84 Multiple Vulnerabilities
2024-08-21 00:00:00
FreeBSD : chromium -- multiple security fixes (b339992e-6059-11ef-8a0f-a8a1599412c6)
2024-08-22 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2024-08-21 00:00:00
Stable Channel Update for ChromeOS / ChromeOS Flex
2024-09-09 00:00:00
openvas
openvas
openSUSE: Security Advisory for chromium (openSUSE-SU-2024:0258-1)
2024-08-24 00:00:00
Google Chrome Security Update (stable-channel-update-for-desktop_21-2024-08) - Mac OS X
2024-08-22 00:00:00
Debian: Security Advisory (DSA-5757-1)
2024-08-26 00:00:00
osv
osv
Security update for chromium
2024-08-23 09:15:52
chromedriver-128.0.6613.84-1.1 on GA media
2024-08-23 00:00:00
chromium - security update
2024-08-23 00:00:00
freebsd
freebsd
chromium -- multiple security fixes
2024-08-21 00:00:00
kaspersky
kaspersky
KLA71709 Multiple vulnerability in Google Chrome
2024-07-22 00:00:00
KLA71827 Multiple vulnerabilities in Microsoft Browser
2024-08-22 00:00:00
KLA72043 DoS vulnerability in Opera
2024-09-02 00:00:00
redos
redos
ROS-20240917-01
2024-09-17 00:00:00
cve
cve
CVE-2024-7965
2024-08-21 21:15:08
CVE-2024-8033
2024-08-21 21:15:09
CVE-2024-7964
2024-08-21 21:15:08
wolfi
wolfi
CVE-2024-7964 vulnerabilities
2024-09-19 09:11:50
CVE-2024-7965 vulnerabilities
2024-09-19 09:11:50
CVE-2024-8033 vulnerabilities
2024-09-19 09:11:50
cvelist
cvelist
CVE-2024-7964
2024-08-21 20:20:23
CVE-2024-8033
2024-08-21 20:20:26
CVE-2024-7972
2024-08-21 20:20:24
nvd
nvd
CVE-2024-7964
2024-08-21 21:15:08
CVE-2024-8033
2024-08-21 21:15:09
CVE-2024-7971
2024-08-21 21:15:09
mscve
mscve
Chromium: CVE-2024-7964 Use after free in Passwords
2024-08-22 07:00:00
Chromium: CVE-2024-7965 Inappropriate implementation in V8
2024-08-22 07:00:00
Chromium: CVE-2024-8033 Inappropriate implementation in WebApp Installs
2024-08-22 07:00:00
attackerkb
attackerkb
CVE-2024-7965
2024-08-21 00:00:00
CVE-2024-7971
2024-08-21 00:00:00
vulnrichment
vulnrichment
CVE-2024-7965
2024-08-21 20:20:23
CVE-2024-8033
2024-08-21 20:20:26
CVE-2024-7964
2024-08-21 20:20:23
debiancve
debiancve
CVE-2024-8033
2024-08-21 21:15:09
CVE-2024-7964
2024-08-21 21:15:08
CVE-2024-7972
2024-08-21 21:15:09
cisa_kev
cisa_kev
Google Chromium V8 Inappropriate Implementation Vulnerability
2024-08-28 00:00:00
Google Chromium V8 Type Confusion Vulnerability
2024-08-26 00:00:00
malwarebytes
malwarebytes
Google patches actively exploited zero-day in Chrome. Update now!
2024-08-22 14:12:15
talosblog
talosblog
The best and worst ways to get users to improve their account security
2024-09-05 18:00:02
ubuntucve
ubuntucve
CVE-2024-8033
2024-08-21 00:00:00
CVE-2024-7964
2024-08-21 00:00:00
CVE-2024-7980
2024-08-21 00:00:00
alpinelinux
alpinelinux
CVE-2024-7971
2024-08-21 21:15:09
CVE-2024-7968
2024-08-21 21:15:09
CVE-2024-7972
2024-08-21 21:15:09
redhatcve
redhatcve
CVE-2024-7965
2024-08-28 17:10:05
CVE-2024-7971
2024-08-27 19:10:28
githubexploit
githubexploit
Exploit for Improperly Implemented Security Check for Standard in Google Chrome
2024-09-16 19:04:57
schneier
schneier
New Chrome Zero-Day
2024-09-10 11:04:29

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

JSON
Related for OSV:OPENSUSE-SU-2024:0258-2
nessus7chrome2openvas5osv21freebsd1kaspersky4redos1cve18wolfi19cvelist16nvd19mscve17attackerkb2vulnrichment18debiancve18cisa_kev2malwarebytes1talosblog1ubuntucve13alpinelinux10redhatcve2githubexploit1schneier1