CVE-2024-9369 — Improper Validation of Specified Quantity in Input in Google Chrome

CWE-1284 — Improper Validation of Specified Quantity in Input11 documents10 sources

Severity

9.6CRITICALNVD

EPSS

0.1%

top 69.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Paloalto Prisma Browser

Timeline

PublishedNov 27

Description

Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages4 packages

▶CVEListV5google/chrome129.0.6668.89 — 129.0.6668.89

▶NVDgoogle/chrome< 129.0.6668.89

▶Debianchromium/chromium< 129.0.6668.89-1~deb12u1+2

▶Palo Altopaloalto/prisma_browser

🔴Vulnerability Details

CVEList

CVE-2024-9369: Insufficient data validation in Mojo in Google Chrome prior to 129↗2024-11-27

▶

OSV

CVE-2024-9369: Insufficient data validation in Mojo in Google Chrome prior to 129↗2024-11-27

▶

GHSA

GHSA-73pw-pffq-gh67: Insufficient data validation in Mojo in Google Chrome prior to 129↗2024-11-27

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2024-0011 Chromium: Monthly Vulnerability Updates↗2024-10-09

▶

Microsoft

Chromium: CVE-2024-9369 Insufficient data validation in Mojo↗2024-10-08

▶

Chrome

Stable Channel Update for Desktop: CVE-2024-7025↗2024-10-01

▶

Debian

CVE-2024-9369: chromium - Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 all...↗2024

▶

🕵️Threat Intelligence

Bleepingcomputer

Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws↗2024-10-08

▶

Trendmicro

The October 2024 Security Update Review↗2024-10-08

▶

Trendmicro

The October 2024 Security Update Review↗2024-10-08

▶