CVE-2024-9123 — External Control of Assumed-Immutable Web Parameter in Google Chrome

CWE-472 — External Control of Assumed-Immutable Web Parameter CWE-190 — Integer Overflow or Wraparound8 documents8 sources

Severity

8.8HIGHNVD

EPSS

0.2%

top 60.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Paloalto Prisma Browser

Timeline

PublishedSep 25

Latest updateOct 15

Description

Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5google/chrome129.0.6668.70 — 129.0.6668.70

▶NVDgoogle/chrome< 129.0.6668.70

▶Debianchromium/chromium< 129.0.6668.70-1~deb12u1+2

▶Palo Altopaloalto/prisma_browser

🔴Vulnerability Details

OSV

CVE-2024-9123: Integer overflow in Skia in Google Chrome prior to 129↗2024-09-25

▶

GHSA

GHSA-xwv3-34j2-7jgx: Integer overflow in Skia in Google Chrome prior to 129↗2024-09-25

▶

CVEList

CVE-2024-9123: Integer overflow in Skia in Google Chrome prior to 129↗2024-09-24

▶

📋Vendor Advisories

Chrome

Long Term Support Channel Update for ChromeOS: CVE-2024-9123↗2024-10-15

▶

Palo Alto

PAN-SA-2024-0011 Chromium: Monthly Vulnerability Updates↗2024-10-09

▶

Microsoft

Chromium: CVE-2024-9123 Integer overflow in Skia↗2024-09-10

▶

Debian

CVE-2024-9123: chromium - Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remot...↗2024

▶