CVE-2024-3158 — Use After Free in Google Chrome

CWE-416 — Use After Free9 documents8 sources

Severity

8.8HIGHNVD

EPSS

1.4%

top 19.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Debian Chromium +3 more

Timeline

PublishedApr 6

Latest updateApr 9

Description

Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages7 packages

▶CVEListV5google/chrome123.0.6312.105 — 123.0.6312.105

▶NVDgoogle/chrome< 123.0.6312.105

▶googlegoogle/chrome_chrome

▶debiandebian/chromium< chromium 123.0.6312.105-1~deb12u1 (bookworm)

▶Debianchromium/chromium< 123.0.6312.105-1~deb12u1+2

🔴Vulnerability Details

OSV

CVE-2024-3158: Use after free in Bookmarks in Google Chrome prior to 123↗2024-04-06

▶

GHSA

GHSA-r9g8-4h9q-3jfp: Use after free in Bookmarks in Google Chrome prior to 123↗2024-04-06

▶

📋Vendor Advisories

Microsoft

Chromium: CVE-2024-3158 Use after free in Bookmarks↗2024-04-09

▶

Chrome

Stable Channel Update for Desktop: CVE-2024-3156↗2024-04-02

▶

Debian

CVE-2024-3158: chromium - Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a r...↗2024

▶

🕵️Threat Intelligence

Trendmicro

The April 2024 Security Updates Review↗2024-04-09

▶

Bleepingcomputer

Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs↗2024-04-09

▶

Trendmicro

The April 2024 Security Updates Review↗2024-04-09

▶