CVE-2024-3156 — Out-of-bounds Read in Google Chrome

CWE-125 — Out-of-bounds Read9 documents8 sources

Severity

8.8HIGHNVD

EPSS

2.1%

top 16.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Debian Chromium +3 more

Timeline

PublishedApr 6

Latest updateApr 9

Description

Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages7 packages

▶CVEListV5google/chrome123.0.6312.105 — 123.0.6312.105

▶NVDgoogle/chrome< 123.0.6312.105

▶googlegoogle/chrome_chrome

▶debiandebian/chromium< chromium 123.0.6312.105-1~deb12u1 (bookworm)

▶Debianchromium/chromium< 123.0.6312.105-1~deb12u1+2

🔴Vulnerability Details

OSV

CVE-2024-3156: Inappropriate implementation in V8 in Google Chrome prior to 123↗2024-04-06

▶

GHSA

GHSA-g47c-q844-rxj3: Inappropriate implementation in V8 in Google Chrome prior to 123↗2024-04-06

▶

📋Vendor Advisories

Microsoft

Chromium: CVE-2024-3156 Inappropriate implementation in V8↗2024-04-09

▶

Chrome

Stable Channel Update for Desktop: CVE-2024-3156↗2024-04-02

▶

Debian

CVE-2024-3156: chromium - Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allo...↗2024

▶

🕵️Threat Intelligence

Trendmicro

The April 2024 Security Updates Review↗2024-04-09

▶

Bleepingcomputer

Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs↗2024-04-09

▶

Trendmicro

The April 2024 Security Updates Review↗2024-04-09

▶