PT-2023-7984 · Google +4 · Google Chrome +4
Clément Lecigne +1 · Published 2023-12-19 · Updated 2024-12-20 · CVE-2023-7024
CVSS v2.0: 10 (High), Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Google Chrome versions prior to 120.0.6099.129
Description
A heap buffer overflow in the open-source WebRTC framework allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. The vulnerability is actively exploited and may cause crashes or code execution.
Recommendations
Update Google Chrome versions prior to 120.0.6099.129 to version 120.0.6099.129 or later to fix the heap buffer overflow vulnerability in WebRTC. As a temporary workaround, consider disabling WebRTC until a patch is available. Restrict access to WebRTC to minimize the risk of exploitation, and avoid using vulnerable WebRTC functions until the issue is resolved.
Exploit
Fix
Heap Based Buffer Overflow
Memory Corruption
Buffer Overflow
Affected Products
ALT Linux
Astra Linux
Google Chrome
RED OS
SUSE