CVE-2024-2627Use After Free in Google Chrome

CWE-416Use After FreeCWE-456Missing Initialization of a VariableCWE-369Divide By Zero9 documents8 sources
Severity
8.8HIGHNVD
EPSS
0.7%
top 27.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Google ChromeChromiumFedoraproject Fedora
Timeline
PublishedMar 20
Latest updateAug 26

Description

Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5google/chrome123.0.6312.58123.0.6312.58
NVDgoogle/chrome< 123.0.6312.58
Debianchromium/chromium< 123.0.6312.86-1~deb12u1+2

Also affects: Fedora 38, 39, 40

🔴Vulnerability Details

3
OSV
CVE-2024-2627: Use after free in Canvas in Google Chrome prior to 1232024-03-20
CVEList
CVE-2024-2627: Use after free in Canvas in Google Chrome prior to 1232024-03-20
GHSA
GHSA-7gq4-2ph9-c8g7: Use after free in Canvas in Google Chrome prior to 1232024-03-20

📋Vendor Advisories

5
Red Hat
kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper()2024-08-26
Chrome
Stable Channel Update for Desktop: CVE-2024-26262024-03-19
Red Hat
kernel: nbd: always initialize struct msghdr completely2024-03-18
Microsoft
Chromium: CVE-2024-2627 Use after free in Canvas2024-03-12
Debian
CVE-2024-2627: chromium - Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remot...2024
CVE-2024-2627 — Use After Free in Google Chrome | cvebase