CVE-2024-36342 — Improper Validation of Specified Index, Position, or Offset in Input in Google Chrome Chrome

CWE-1285 — Improper Validation of Specified Index, Position, or Offset in Input CWE-20 — Improper Input Validation3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.0%

top 90.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chrome

Timeline

PublishedSep 6

Latest updateJan 27

Description

Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow potentially resulting in arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages1 packages

▶googlegoogle/chrome_chrome

🔴Vulnerability Details

GHSA

GHSA-2c2q-27q9-rxpg: Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow potentially resulting in arbitrary code execution↗2025-09-06

▶

📋Vendor Advisories

Chrome

Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2024-36342↗2026-01-27

▶