Lucene search

K

Redhat.comRH:CVE-2024-5274

HistoryMay 29, 2024 - 3:54 p.m.

CVE-2024-5274

2024-05-2915:54:01

redhat.com

access.redhat.com

7

cve-2024-5274; type confusion; v8; google chrome; remote attacker; arbitrary code; sandbox; crafted html page; mitigation; alternative web browser; trusted sites

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.6%

Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Mitigation

Until updated packages are released for Fedora and EPEL, consider temporarily swapping to an alternative web browser such as Firefox or severely restricting activity to sites you known well and trust.

References

bugzilla.redhat.com/show_bug.cgi?id=2283082

chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html

issues.chromium.org/issues/341663589

nvd.nist.gov/vuln/detail/CVE-2024-5274

www.cve.org/CVERecord?id=CVE-2024-5274

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.6%

Related for RH:CVE-2024-5274

mageia1 openvas9 mscve1 nessus10 freebsd2 osv2 wolfi1 fedora2 cisa_kev1 alpinelinux1 kaspersky3 cve1 debiancve1 ubuntucve1 nvd1 vulnrichment1 chrome1 debian1 cvelist1 veracode1 attackerkb1 qualysblog1 thn1