CVE-2024-9955 — Use After Free in Google Chrome

CWE-416 — Use After Free7 documents7 sources

Severity

8.8HIGHNVD

EPSS

29.4%

top 3.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Paloalto Prisma Browser

Timeline

PublishedOct 15

Latest updateNov 13

Description

Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5google/chrome130.0.6723.58 — 130.0.6723.58

▶NVDgoogle/chrome< 130.0.6723.58

▶Debianchromium/chromium< 130.0.6723.58-1~deb12u1+2

▶Palo Altopaloalto/prisma_browser

🔴Vulnerability Details

GHSA

GHSA-gj3r-7jjv-636h: Use after free in WebAuthentication in Google Chrome prior to 130↗2024-10-15

▶

OSV

CVE-2024-9955: Use after free in WebAuthentication in Google Chrome prior to 130↗2024-10-15

▶

CVEList

CVE-2024-9955: Use after free in WebAuthentication in Google Chrome prior to 130↗2024-10-15

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2024-0016 Chromium: Monthly Vulnerability Updates↗2024-11-13

▶

Microsoft

Chromium: CVE-2024-9955 Use after free in Web Authentication↗2024-10-08

▶

Debian

CVE-2024-9955: chromium - Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allo...↗2024

▶