CVE-2024-4671
Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- May 09, 2024
- Published Date
- May 09, 2024
- Last Updated
- February 13, 2025
- Vendor
- Product
- Chrome
- Description
- Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVSS Scores
CVSS v3.1
9.6 - CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
SSVC Information
- Exploitation
- active
- Technical Impact
- total
Exploit Status
- Exploited in the Wild
- Yes (added 2024-05-13 00:00:00 UTC) Source
References
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html
https://issues.chromium.org/issues/339266700
https://lists.fedoraproject.org/archives/list/[email protected]/message/NTSN22LNYXMWHVTYNOYQVOY7VDZFHENQ/
https://lists.fedoraproject.org/archives/list/[email protected]/message/FAWEKDQTHPN7NFEMLIWP7YMIZ2DHF36N/
https://lists.fedoraproject.org/archives/list/[email protected]/message/WSUWM73ZCXTN62AT2REYQDD5ZKPFMDZD/
https://lists.fedoraproject.org/archives/list/[email protected]/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/
https://lists.fedoraproject.org/archives/list/[email protected]/message/BWFSZNNWSQYDRYKNLBDGEXXKMBXDYQ3F/
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2024-05-13 00:00:00 UTC |