CVE-2024-7965: Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML…

high8.8CVSS 3.1

AVNACLPRNUIRSUCHIHAH

KEVITW

CISA Known Exploited Vulnerabilitydue 2024-09-18

Exploited in the wild

Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Affected

10 ranges

Vendor	Product	Version range	Fixed in
chromium	chromium	>= 0 < 128.0.6613.84-1~deb12u1	128.0.6613.84-1~deb12u1
chromium	chromium	>= 0 < 128.0.6613.84-1	128.0.6613.84-1
chromium	chromium	>= 0 < 128.0.6613.84-1	128.0.6613.84-1
debian	chromium	< chromium 128.0.6613.84-1~deb12u1 (bookworm)	chromium 128.0.6613.84-1~deb12u1 (bookworm)
google	chrome	< 128.0.6613.84	128.0.6613.84
google	chrome	>= 128.0.6613.84 < 128.0.6613.84	128.0.6613.84
google	chrome_chrome	—	—
microsoft	edge_chromium	< 128.0.2739.42	128.0.2739.42
msrc	microsoft_edge	—	—
paloalto	prisma_browser	—	—

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

osv8.8HIGH

vulncheck8.8HIGH

cisa8.8HIGH