CVE-2024-1077Use After Free in Google Chrome

CWE-416Use After FreeCWE-476NULL Pointer Dereference14 documents10 sources
Severity
8.8HIGHNVD
EPSS
1.0%
top 22.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Google ChromeChromiumFedoraproject Fedora
Timeline
PublishedJan 30
Latest updateDec 4

Description

Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5google/chrome121.0.6167.139121.0.6167.139
NVDgoogle/chrome< 121.0.6167.139
Debianchromium/chromium< 121.0.6167.139-1~deb12u1+2

Also affects: Fedora 38, 39

🔴Vulnerability Details

3
GHSA
GHSA-9m57-xv2x-rj9v: Use after free in Network in Google Chrome prior to 1212024-01-31
OSV
CVE-2024-1077: Use after free in Network in Google Chrome prior to 1212024-01-30
CVEList
CVE-2024-1077: Use after free in Network in Google Chrome prior to 1212024-01-30

📋Vendor Advisories

5
Red Hat
kernel: drm/rockchip: vop: Fix a dereferenced before check warning2024-12-04
Microsoft
Chromium: CVE-2024-1077 Use after free in Network2024-02-13
Chrome
Stable Channel Update for Desktop: CVE-2024-10772024-01-30
Chrome
Stable Channel Update for Desktop: CVE-2024-31692024-01-30
Debian
CVE-2024-1077: chromium - Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a rem...2024

🕵️Threat Intelligence

5
Bleepingcomputer
Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 73 flaws2024-02-13
Trendmicro
The February 2024 Security Update Review2024-02-12
Trendmicro
The February 2024 Security Update Review2024-02-12
Trendmicro
The February 2024 Security Update Review2024-02-12
Trendmicro
The February 2024 Security Update Review2024-02-12
CVE-2024-1077 — Use After Free in Google Chrome | cvebase