PT-2024-2545 · Microsoft+6 · Edge+6
Manfred Paul
Published 2024-03-26 · Updated 2025-12-15 · CVE-2024-2887
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Google Chrome versions prior to 123.0.6312.86
Microsoft Edge (Chromium-based) versions prior to 123.0.6312.86
Chromium versions prior to 126.0.6478.182-alt0.p10.1
nodejs-electron-28.2.10-1.1
chromedriver-124.0.6367.201-1.1
OpenSUSE (affected versions not specified)
MosOS (affected versions not specified)
Debian (affected versions not specified)
Description
A type confusion vulnerability exists in the WebAssembly (WASM) module of Google Chrome and Microsoft Edge (Chromium). This flaw allows a remote attacker to execute arbitrary code via a crafted HTML page. The vulnerability stems from improper input validation within the WASM module decoder, specifically a missing check of the type section size during the DecodeTypeSection process.
Recommendations
Google Chrome versions prior to 123.0.6312.86: Upgrade to version 123.0.6312.86 or later.
Microsoft Edge (Chromium-based) versions prior to 123.0.6312.86: Upgrade to version 123.0.6312.86 or later.
Chromium versions prior to 126.0.6478.182-alt0.p10.1: Upgrade to version 126.0.6478.182-alt0.p10.1 or later.
nodejs-electron-28.2.10-1.1: Upgrade to the latest available version.
chromedriver-124.0.6367.201-1.1: Upgrade to the latest available version.
OpenSUSE: Upgrade your Chromium packages to the latest available version.
Debian: Upgrade your Chromium packages to version 123.0.6312.86-1~deb12u1 or later.
Exploit
Fix
RCE
Type Confusion
Affected Products
Alt Linux
Astra Linux
Debian
Google Chrome
Edge
Red Os
Suse