CVE-2024-1059Use After Free in Google Chrome

CWE-416Use After FreeCWE-1059Insufficient Technical Documentation15 documents11 sources
Severity
8.8HIGHNVD
EPSS
0.7%
top 28.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Google ChromeChromiumFedoraproject Fedora
Timeline
PublishedJan 30
Latest updateApr 11

Description

Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5google/chrome121.0.6167.139121.0.6167.139
NVDgoogle/chrome< 121.0.6167.139
Debianchromium/chromium< 121.0.6167.139-1~deb12u1+2

Also affects: Fedora 38, 39

🔴Vulnerability Details

3
GHSA
GHSA-5rrq-v3j5-cwgm: Use after free in Peer Connection in Google Chrome prior to 1212024-01-31
CVEList
CVE-2024-1059: Use after free in Peer Connection in Google Chrome prior to 1212024-01-30
OSV
CVE-2024-1059: Use after free in Peer Connection in Google Chrome prior to 1212024-01-30

💥Exploits & PoCs

1
Exploit-DB
ABB Cylon FLXeon 9.3.4 - System Logs Information Disclosure2025-04-11

📋Vendor Advisories

5
Chrome
Long Term Support Channel Update for ChromeOS: CVE-2024-10592024-03-05
Red Hat
nodejs: improper handling of wildcards in --allow-fs-read and --allow-fs-write2024-02-19
Microsoft
Chromium: CVE-2024-1059 Use after free in WebRTC2024-02-13
Chrome
Stable Channel Update for Desktop: CVE-2024-10772024-01-30
Debian
CVE-2024-1059: chromium - Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allow...2024

🕵️Threat Intelligence

5
Bleepingcomputer
Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 73 flaws2024-02-13
Trendmicro
The February 2024 Security Update Review2024-02-12
Trendmicro
The February 2024 Security Update Review2024-02-12
Trendmicro
The February 2024 Security Update Review2024-02-12
Trendmicro
The February 2024 Security Update Review2024-02-12
CVE-2024-1059 — Use After Free in Google Chrome | cvebase