CVE-2024-7255Out-of-bounds Read in Google Chrome

CWE-125Out-of-bounds Read11 documents10 sources
Severity
8.8HIGHNVD
EPSS
0.6%
top 30.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Google ChromeChromiumPaloalto Prisma Browser
Timeline
PublishedAug 1
Latest updateAug 14

Description

Out of bounds read in WebTransport in Google Chrome prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

CVEListV5google/chrome127.0.6533.88127.0.6533.88
NVDgoogle/chrome< 127.0.6533.88
Debianchromium/chromium< 127.0.6533.88-1~deb12u1+2

🔴Vulnerability Details

3
OSV
CVE-2024-7255: Out of bounds read in WebTransport in Google Chrome prior to 1272024-08-01
CVEList
CVE-2024-7255: Out of bounds read in WebTransport in Google Chrome prior to 1272024-08-01
GHSA
GHSA-mcqx-pmh8-v9cr: Out of bounds read in WebTransport in Google Chrome prior to 1272024-08-01

📋Vendor Advisories

4
Palo Alto
PAN-SA-2024-0007 Prisma Browser: Monthly Vulnerability Updates2024-08-14
Microsoft
Chromium: CVE-2024-7255 Out of bounds read in WebTransport2024-08-13
Chrome
Stable Channel Update for Desktop: CVE-2024-69902024-07-30
Debian
CVE-2024-7255: chromium - Out of bounds read in WebTransport in Google Chrome prior to 127.0.6533.88 allow...2024

🕵️Threat Intelligence

3
Trendmicro
The August 2024 Security Update Review2024-08-13
Bleepingcomputer
Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited2024-08-13
Trendmicro
The August 2024 Security Update Review2024-08-13
CVE-2024-7255 — Out-of-bounds Read in Google Chrome | cvebase