Severity: 9.8 CRITICAL (NVD)
EPSS: 2.7% (top 14.12%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Feb 7
Latest update: Jun 11

Description

Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (3 packages)

CVEListV5 | google/chrome | 121.0.6167.160 | 121.0.6167.160
NVD | google/chrome | < 121.0.6167.160
Debian | chromium/chromium | < 121.0.6167.160-1~deb12u1+2

Also affects: Fedora 38, 39

🔴 Vulnerability Details

GHSA: GHSA-7mgj-p9v3-3vxr: Heap buffer overflow in Skia in Google Chrome prior to 121 (2024-02-07)
OSV: CVE-2024-1283: Heap buffer overflow in Skia in Google Chrome prior to 121 (2024-02-07)
CVEList: CVE-2024-1283: Heap buffer overflow in Skia in Google Chrome prior to 121 (2024-02-06)

📋 Vendor Advisories

Microsoft: tpm2 does not detect if quote was not generated by TPM (2024-06-11)
Chrome: Long Term Support Channel Update for ChromeOS: CVE-2024-1283 (2024-02-21)
Microsoft: Chromium: CVE-2024-1283 Heap buffer overflow in Skia (2024-02-13)
Debian: CVE-2024-1283: chromium - Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a ... (2024)

🕵️ Threat Intelligence

Bleepingcomputer: Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 73 flaws (2024-02-13)
Trendmicro: The February 2024 Security Update Review (2024-02-12)
CVE-2024-1283 — Out-of-bounds Write in Google Chrome | cvebase