PT-2023-8701 · Google+4 · Mojo+5

Cassidy Kim

Publicado

2023-12-06

Atualizado

2024-12-19

CVE-2024-1670

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 122.0.6261.57

Description The issue is related to a use after free vulnerability in the Mojo library of Google Chrome, which can lead to heap corruption. This can potentially allow a remote attacker to execute arbitrary code by exploiting the vulnerability via a crafted HTML page.

Recommendations For versions prior to 122.0.6261.57, update to version 122.0.6261.57 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable web pages until the update is applied.

Exploit

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALT-PU-2024-10294

ALT-PU-2024-14286

ALT-PU-2024-14830

ALT-PU-2024-3320

BDU:2024-01615

CVE-2024-1670

DSA-5629-1

OPENSUSE-SU-2024:0084-1

OPENSUSE-SU-2024:13738-1

OPENSUSE-SU-2024:13764-1

OPENSUSE-SU-2024:13766-1

Produtos afetados

Alt Linux

Astra Linux

Debian

Google Chrome

Mojo

Red Os

PT-2023-8701 · Google+4 · Mojo+5

CVE-2024-1670

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 93