PT-2024-2103 · Google+4 · Google Chrome+4

5Fceb6172Bbf7E2C5A948183B53565B9

Published

2024-02-19

Updated

2024-12-19

CVE-2024-2173

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 122.0.6261.111

Description The issue is related to an out of bounds memory access in V8, which can be exploited by a remote attacker using a crafted HTML page, potentially allowing the execution of arbitrary code or causing a denial of service. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Technical details about exploitation include:

API Endpoints: None specified
Vulnerable Parameters or Variables: None specified
Function Names: None specified, but the issue is related to a missing bounds check in the tier-up of the wasm-to-js wrapper.

Recommendations For Google Chrome versions prior to 122.0.6261.111, update to version 122.0.6261.111 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable HTML pages until the update is applied.

Exploit

Fix

Memory Corruption

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-119

Related Identifiers

ALT-PU-2024-10294

ALT-PU-2024-14286

ALT-PU-2024-14830

ALT-PU-2024-4439

ALT-PU-2024-7309

BDU:2024-01999

CVE-2024-2173

DSA-5636-1

OPENSUSE-SU-2024:0084-1

OPENSUSE-SU-2024:13764-1

OPENSUSE-SU-2024:13766-1

OPENSUSE-SU-2024:13773-1

Affected Products

Alt Linux

Astra Linux

Debian

Google Chrome

Red Os

PT-2024-2103 · Google+4 · Google Chrome+4

CVE-2024-2173

Weakness Enumeration

Related Identifiers

Affected Products

References · 87