CVE-2024-7970 — Out-of-bounds Write in Google Chrome

CWE-787 — Out-of-bounds Write7 documents7 sources

Severity

8.8HIGHNVD

EPSS

0.3%

top 51.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Paloalto Prisma Browser

Timeline

PublishedSep 3

Latest updateSep 11

Description

Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5google/chrome128.0.6613.119 — 128.0.6613.119

▶NVDgoogle/chrome< 128.0.6613.119

▶Debianchromium/chromium< 128.0.6613.119-1~deb12u1+2

▶Palo Altopaloalto/prisma_browser

🔴Vulnerability Details

GHSA

GHSA-4c4w-77f9-v9mq: Out of bounds write in V8 in Google Chrome prior to 128↗2024-09-04

▶

CVEList

CVE-2024-7970: Out of bounds write in V8 in Google Chrome prior to 128↗2024-09-03

▶

OSV

CVE-2024-7970: Out of bounds write in V8 in Google Chrome prior to 128↗2024-09-03

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2024-0009 Prisma Browser: Monthly Vulnerability Updates↗2024-09-11

▶

Microsoft

Chromium: CVE-2024-7970 Out of bounds write in V8↗2024-09-10

▶

Debian

CVE-2024-7970: chromium - Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119 allowed a rem...↗2024

▶