CVE-2024-7024Out-of-bounds Write in Google Chrome

CWE-787Out-of-bounds WriteCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
9.6CRITICALNVD
EPSS
0.1%
top 68.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google ChromeChromium
Timeline
PublishedSep 23
Latest updateSep 24

Description

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages3 packages

CVEListV5google/chrome126.0.6478.54126.0.6478.54
NVDgoogle/chrome< 126.0.6478.54
Debianchromium/chromium< 126.0.6478.56-1~deb12u1+2

🔴Vulnerability Details

3
GHSA
GHSA-vhc3-jh5x-7vhv: Inappropriate implementation in V8 in Google Chrome prior to 1262024-09-24
OSV
CVE-2024-7024: Inappropriate implementation in V8 in Google Chrome prior to 1262024-09-23
CVEList
CVE-2024-7024: Inappropriate implementation in V8 in Google Chrome prior to 1262024-09-23

📋Vendor Advisories

1
Debian
CVE-2024-7024: chromium - Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allow...2024
CVE-2024-7024 — Out-of-bounds Write in Google Chrome | cvebase