CVE-2024-6779 — Out-of-bounds Write in Google Chrome

CWE-787 — Out-of-bounds Write CWE-125 — Out-of-bounds Read9 documents8 sources

Severity

9.6CRITICALNVD

OSV8.8

EPSS

0.6%

top 30.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Mozilla Firefox +1 more

Timeline

PublishedJul 16

Latest updateSep 6

Description

Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages5 packages

▶CVEListV5google/chrome126.0.6478.182 — 126.0.6478.182

▶NVDgoogle/chrome< 126.0.6478.182

▶Debianchromium/chromium< 126.0.6478.182-1~deb12u1+2

▶Ubuntumozilla/firefox< 126.0.1+build1-0ubuntu0.20.04.1

▶Palo Altopaloalto/prisma_browser

🔴Vulnerability Details

GHSA

GHSA-v4v9-v4wf-9c86: Out of bounds memory access in V8 in Google Chrome prior to 126↗2024-07-17

▶

CVEList

CVE-2024-6779: Out of bounds memory access in V8 in Google Chrome prior to 126↗2024-07-16

▶

OSV

CVE-2024-6779: Out of bounds memory access in V8 in Google Chrome prior to 126↗2024-07-16

▶

OSV

firefox regressions↗2024-05-29

▶

📋Vendor Advisories

Chrome

Long Term Support Channel Update for ChromeOS: CVE-2024-6779↗2024-09-06

▶

Palo Alto

PAN-SA-2024-0007 Prisma Browser: Monthly Vulnerability Updates↗2024-08-14

▶

Microsoft

Chromium: CVE-2024-6779 Out of bounds memory access in V8↗2024-07-09

▶

Debian

CVE-2024-6779: chromium - Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182 allow...↗2024

▶