Lucene search

K
ubuntucveUbuntu.comUB:CVE-2024-2887
HistoryMar 26, 2024 - 12:00 a.m.

CVE-2024-2887

2024-03-2600:00:00
ubuntu.com
ubuntu.com
23
cve-2024-2887
type confusion
webassembly
google chrome
remote code execution
crafted html
severity high

CVSS3

8.1

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

16.8%

Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86
allowed a remote attacker to execute arbitrary code via a crafted HTML
page. (Chromium security severity: High)

Notes

Author Note
alexmurray The Debian chromium source package is called chromium-browser in Ubuntu
mdeslaur starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap

CVSS3

8.1

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

16.8%