CVE-2024-6990Use of Uninitialized Variable in Google Chrome

CWE-457Use of Uninitialized VariableCWE-908Use of Uninitialized Resource11 documents10 sources
Severity
8.8HIGHNVD
EPSS
0.3%
top 43.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Google ChromeChromiumPaloalto Prisma Browser
Timeline
PublishedAug 1
Latest updateAug 14

Description

Uninitialized Use in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

CVEListV5google/chrome127.0.6533.88127.0.6533.88
NVDgoogle/chrome< 127.0.6533.88
Debianchromium/chromium< 127.0.6533.88-1~deb12u1+2

🔴Vulnerability Details

3
GHSA
GHSA-gh9v-q4wx-5m5c: Uninitialized Use in Dawn in Google Chrome on Android prior to 1272024-08-01
CVEList
CVE-2024-6990: Uninitialized Use in Dawn in Google Chrome on Android prior to 1272024-08-01
OSV
CVE-2024-6990: Uninitialized Use in Dawn in Google Chrome on Android prior to 1272024-08-01

📋Vendor Advisories

4
Palo Alto
PAN-SA-2024-0007 Prisma Browser: Monthly Vulnerability Updates2024-08-14
Microsoft
Chromium: CVE-2024-6990 Uninitialized Use in Dawn2024-08-13
Chrome
Stable Channel Update for Desktop: CVE-2024-69902024-07-30
Debian
CVE-2024-6990: chromium - Uninitialized Use in Dawn in Google Chrome on Android prior to 127.0.6533.88 all...2024

🕵️Threat Intelligence

3
Trendmicro
The August 2024 Security Update Review2024-08-13
Bleepingcomputer
Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited2024-08-13
Trendmicro
The August 2024 Security Update Review2024-08-13
CVE-2024-6990 — Use of Uninitialized Variable in Google | cvebase