CVE-2024-3159: Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Chrome

Severity: 8.8 HIGH (NVD)
EPSS: 6.3% (top 9.02%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 6; Latest update Aug 26

Description

Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (7 packages)

CVEListV5 | google/chrome | 123.0.6312.105 | 123.0.6312.105
NVD | google/chrome | < 123.0.6312.105
debian | debian/chromium | < chromium 123.0.6312.105-1~deb12u1 (bookworm)
Debian | chromium/chromium | < 123.0.6312.105-1~deb12u1+2

🔴 Vulnerability Details (2)

OSV | CVE-2024-3159: Out of bounds memory access in V8 in Google Chrome prior to 123 | 2024-04-06
GHSA | GHSA-mh2p-2x66-3hr4: Out of bounds memory access in V8 in Google Chrome prior to 123 | 2024-04-06

📋 Vendor Advisories (3)

Microsoft | Chromium: CVE-2024-3159 Out of bounds memory access in V8 | 2024-04-09
Chrome | Stable Channel Update for Desktop: CVE-2024-3156 | 2024-04-02
Debian | CVE-2024-3159: chromium - Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allow... | 2024

🕵️ Threat Intelligence (9)

Bleepingcomputer | Google tags a tenth Chrome zero-day as exploited this year | 2024-08-26
Bleepingcomputer | Google fixes ninth Chrome zero-day tagged as exploited this year | 2024-08-21
Bleepingcomputer | Google fixes eighth actively exploited Chrome zero-day this year | 2024-05-24
Bleepingcomputer | Google fixes third actively exploited Chrome zero-day in a week | 2024-05-15
Bleepingcomputer | Google Chrome emergency update fixes 6th zero-day exploited in 2024 | 2024-05-14

💬 Community (1)

Bugzilla | CVE-2024-35837 kernel: net: mvpp2: clear BM pool before initialization | 2024-05-17
CVE-2024-3159 — Google Chrome vulnerability | cvebase