Lucene search

K

Veracode Vulnerability DatabaseVERACODE:45735

HistoryMar 04, 2024 - 4:22 a.m.

Type Confusion

2024-03-0404:22:14

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

14

type confusion

google chrome

v8 engine

vulnerability

remote attacker

crafted html page

security issues

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.1

Confidence

Low

EPSS

0

Percentile

15.5%

Google Chrome is vulnerable to Type Confusion. The vulnerability is due to type confusion in the V8 engine of Google Chrome versions prior to 122.0.6261.94. A remote attacker could potentially exploit this by using a crafted HTML page to corrupt objects, leading to security issues.

References

chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html

issues.chromium.org/issues/323694592

lists.fedoraproject.org/archives/list/[email protected]/message/FGWSP5MIK7CDWJQHN2SJJX2YGSSS7E4O/

lists.fedoraproject.org/archives/list/[email protected]/message/L6KJCEJWJR5Z54Z75LRJGELDNMFDKLZG/

lists.fedoraproject.org/archives/list/[email protected]/message/YTGM2WHYSZAUUPENB7YO6E5ONAKE6AKJ/

security-tracker.debian.org/tracker/CVE-2024-1939

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.1

Confidence

Low

EPSS

0

Percentile

15.5%

Related for VERACODE:45735

cve1 mscve1 vulnrichment1 githubexploit1 debiancve1 nvd1 osv2 ubuntucve1 cvelist1 prion1 fedora122 openvas66