CVE-2024-3833
published 2024-04-17
CVE-2024-3833: Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML…
Priority: P3 · 58 · high · 8.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 14.96% (96.3th percentile)
Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 124.0.6367.60-1~deb12u1 | 124.0.6367.60-1~deb12u1 |
| chromium | chromium | >= 0 < 124.0.6367.60-1 | 124.0.6367.60-1 |
| chromium | chromium | >= 0 < 124.0.6367.60-1 | 124.0.6367.60-1 |
| debian | chromium | < chromium 124.0.6367.60-1~deb12u1 (bookworm) | chromium 124.0.6367.60-1~deb12u1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| chrome | | < 124.0.6367.60 | 124.0.6367.60 |
| chrome | | >= 124.0.6367.60 < 124.0.6367.60 | 124.0.6367.60 |
| chrome_chrome | | — | — |
| msrc | microsoft_edge | — | — |
CVSS provenance
nvd · v3.1 · 8.8 · HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv · 8.8 · HIGH
vendor_debian · 8.8 · HIGH
vendor_msrc · 8.8 · HIGH
GHSA
GHSA-jfh3-f27x-p9gp: Object corruption in WebAssembly in Google Chrome prior to 124
ghsa_unreviewed·2024-04-17
CVE-2024-3833 [HIGH] CWE-374 GHSA-jfh3-f27x-p9gp: Object corruption in WebAssembly in Google Chrome prior to 124
Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
OSV
CVE-2024-3833: Object corruption in WebAssembly in Google Chrome prior to 124
osv·2024-04-17·CVSS 8.8
CVE-2024-3833 [HIGH] CVE-2024-3833: Object corruption in WebAssembly in Google Chrome prior to 124
Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Chrome
Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2024-3832
vendor_chrome·2024-05-01·CVSS 8.8
CVE-2024-3832 [HIGH] Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2024-3832
Stable Channel Update for ChromeOS / ChromeOS Flex
CVE-2024-3832: Object corruption in V8. Reported by Man Yue Mo of GitHub Security Lab on 2024-03-27
[$10000][331383939] High CVE-2024-3833: Object corruption in WebAssembly. Reported by Man Yue Mo of GitHub Security Lab on 2024-03-27
[N/A][330759272] High CVE-2024-3914: Use after free in V8
Severity: high
Chrome
Stable Channel Update for Desktop: CVE-2024-2625
vendor_chrome·2024-04-16·CVSS 8.8
CVE-2024-2625 [HIGH] Stable Channel Update for Desktop: CVE-2024-2625
Stable Channel Update for Desktop
CVE-2024-2625: Object lifecycle issue in V8. Reported by Ganjiang Zhou (@refrain_areu) of ChaMd5-H1 team on 2024-03-01 and CFF of Topsec Alpha Team on 2023-09-14
[$20000][331358160] High CVE-2024-3832: Object corruption in V8. Reported by Man Yue Mo of GitHub Security Lab on 2024-03-27
[$10000][331383939] High CVE-2024-3833: Object corruption in WebAssembly
Severity: high
Microsoft
Chromium: CVE-2024-3833 Object corruption in WebAssembly
vendor_msrc·2024-04-09·CVSS 8.8
CVE-2024-3833 [HIGH] Chromium: CVE-2024-3833 Object corruption in WebAssembly
Chromium: CVE-2024-3833 Object corruption in WebAssembly
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
Click on Help and Feedback
Click on About Microsoft Edge
F
Debian
CVE-2024-3833: chromium - Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed...
vendor_debian·2024·CVSS 8.8
CVE-2024-3833 [HIGH] CVE-2024-3833: chromium - Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed...
Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 124.0.6367.60-1~deb12u1)
bullseye: open
forky: resolved (fixed in 124.0.6367.60-1)
sid: resolved (fixed in 124.0.6367.60-1)
trixie: resolved (fixed in 124.0.6367.60-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html
https://issues.chromium.org/issues/331383939
https://lists.fedoraproject.org/archives/list/[email protected]/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/
https://lists.fedoraproject.org/archives/list/[email protected]/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/
https://lists.fedoraproject.org/archives/list/[email protected]/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/
https://lists.fedoraproject.org/archives/list/[email protected]/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/
https://lists.fedoraproject.org/archives/list/[email protected]/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/
https://lists.fedoraproject.org/archives/list/[email protected]/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/
2024-04-17
Published