CVE-2024-2174Out-of-bounds Write in Google Chrome

CWE-787Out-of-bounds WriteCWE-358Improperly Implemented Security Check for Standard12 documents9 sources
Severity
8.8HIGHNVD
EPSS
0.1%
top 67.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Google ChromeChromiumFedoraproject Fedora
Timeline
PublishedMar 6
Latest updateMar 12

Description

Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5google/chrome122.0.6261.111122.0.6261.111
NVDgoogle/chrome< 122.0.6261.111
Debianchromium/chromium< 122.0.6261.111-1~deb12u1+2

Also affects: Fedora 40

🔴Vulnerability Details

3
GHSA
GHSA-vgj9-5c97-pwx2: Inappropriate implementation in V8 in Google Chrome prior to 1222024-03-06
OSV
CVE-2024-2174: Inappropriate implementation in V8 in Google Chrome prior to 1222024-03-06
CVEList
CVE-2024-2174: Inappropriate implementation in V8 in Google Chrome prior to 1222024-03-06

📋Vendor Advisories

3
Microsoft
Chromium: CVE-2024-2174 Inappropriate implementation in V82024-03-12
Chrome
Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2024-21732024-03-05
Debian
CVE-2024-2174: chromium - Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allo...2024

🕵️Threat Intelligence

5
Bleepingcomputer
Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs2024-03-12
Trendmicro
The March 2024 Security Update Review2024-03-12
Trendmicro
The March 2024 Security Update Review2024-03-12
Trendmicro
The March 2024 Security Update Review2024-03-12
Trendmicro
The March 2024 Security Update Review2024-03-12
CVE-2024-2174 — Out-of-bounds Write in Google Chrome | cvebase