CVE-2024-11920Out-of-bounds Read in Google Chrome

CWE-125Out-of-bounds ReadCWE-787Out-of-bounds Write4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 82.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedNov 14

Description

Inappropriate implementation in Dawn in Google Chrome on Mac prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5google/chrome130.0.6723.92130.0.6723.92
NVDgoogle/chrome< 130.0.6723.92

🔴Vulnerability Details

2
GHSA
GHSA-jm26-2m6v-322r: Inappropriate implementation in Dawn in Google Chrome on Mac prior to 1302025-11-14
CVEList
CVE-2024-11920: Inappropriate implementation in Dawn in Google Chrome on Mac prior to 1302025-11-14

📋Vendor Advisories

1
Debian
CVE-2024-11920: chromium - Inappropriate implementation in Dawn in Google Chrome on Mac prior to 130.0.6723...2024
CVE-2024-11920 — Out-of-bounds Read in Google Chrome | cvebase