CVE-2024-0808Integer Underflow (Wrap or Wraparound) in Google Chrome

CWE-191Integer Underflow (Wrap or Wraparound)7 documents7 sources
Severity
9.8CRITICALNVD
EPSS
0.3%
top 42.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Google ChromeChromiumDebian Linux+1 more
Timeline
PublishedJan 24
Latest updateFeb 16

Description

Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

CVEListV5google/chrome121.0.6167.85121.0.6167.85
NVDgoogle/chrome< 121.0.6167.85
Debianchromium/chromium< 121.0.6167.85-1~deb12u1+2

Also affects: Debian Linux 11.0, Fedora 38, 39

🔴Vulnerability Details

3
OSV
CVE-2024-0808: Integer underflow in WebUI in Google Chrome prior to 1212024-01-24
GHSA
GHSA-x83f-9m8f-428q: Integer underflow in WebUI in Google Chrome prior to 1212024-01-24
CVEList
CVE-2024-0808: Integer underflow in WebUI in Google Chrome prior to 1212024-01-23

📋Vendor Advisories

3
Chrome
Long Term Support Channel Update for ChromeOS: CVE-2024-08082024-02-16
Microsoft
Chromium: CVE-2024-0808 Integer underflow in WebUI2024-01-09
Debian
CVE-2024-0808: chromium - Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a rem...2024
CVE-2024-0808 — Integer Underflow (Wrap or Wraparound) | cvebase