CVE-2024-4558: Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page…

critical9.6CVSS 3.1

AVNACLPRNUIRSCCHIHAH

Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Affected

20 ranges

Vendor	Product	Version range	Fixed in
apple	ios_17.6_and_ipados	—	—
apple	ipados	< 17.6	17.6
apple	iphone_os	< 17.6	17.6
apple	macos	< 14.6	14.6
apple	macos_sonoma	—	—
apple	safari	< 17.6	17.6
apple	safari	—	—
chromium	chromium	>= 0 < 124.0.6367.155-1~deb12u1	124.0.6367.155-1~deb12u1
chromium	chromium	>= 0 < 124.0.6367.155-1	124.0.6367.155-1
chromium	chromium	>= 0 < 124.0.6367.155-1	124.0.6367.155-1
debian	chromium	< chromium 124.0.6367.155-1~deb12u1 (bookworm)	chromium 124.0.6367.155-1~deb12u1 (bookworm)
debian	webkit2gtk	< chromium 124.0.6367.155-1~deb12u1 (bookworm)	chromium 124.0.6367.155-1~deb12u1 (bookworm)
debian	wpewebkit	< chromium 124.0.6367.155-1~deb12u1 (bookworm)	chromium 124.0.6367.155-1~deb12u1 (bookworm)
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
google	chrome	< 124.0.6367.155	124.0.6367.155
google	chrome	>= 124.0.6367.155 < 124.0.6367.155	124.0.6367.155
google	chrome_chrome	—	—
msrc	microsoft_edge	—	—

CVSS provenance

nvdv3.19.6CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

osv9.6CRITICAL