CVE-2024-9126 — Use After Free in Google Chrome

CWE-416 — Use After Free5 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 66.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedNov 14

Description

Use after free in Internals in Google Chrome on iOS prior to 127.0.6533.88 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a series of curated UI gestures. (Chromium security severity: Medium)

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5google/chrome127.0.6533.88 — 127.0.6533.88

▶NVDgoogle/chrome< 127.0.6533.88

🔴Vulnerability Details

GHSA

GHSA-q7v7-xg85-x35m: Use after free in Internals in Google Chrome on iOS prior to 127↗2025-11-14

▶

CVEList

CVE-2024-9126: Use after free in Internals in Google Chrome on iOS prior to 127↗2025-11-14

▶

📋Vendor Advisories

Chrome

Stable Channel Update for Desktop: CVE-2024-9126↗2024-07-30

▶

Debian

CVE-2024-9126: chromium - Use after free in Internals in Google Chrome on iOS prior to 127.0.6533.88 allow...↗2024

▶