PT-2024-3006 · Google+4 · Google Chrome+4

Wgslfuzz

·

Published

2024-04-09

·

Updated

2024-12-19

·

CVE-2024-3515

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 123.0.6312.122
Description The issue allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This can be achieved through the use of a specially designed web page, potentially leading to arbitrary code execution. The severity of this issue is considered high.
Recommendations For Google Chrome versions prior to 123.0.6312.122, update to version 123.0.6312.122 or later to resolve the issue. As a temporary workaround, consider avoiding the use of potentially vulnerable features in the Dawn component until a patch is applied.

Exploit

Fix

Use After Free

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-122

Related Identifiers

ALT-PU-2024-10294
ALT-PU-2024-14286
ALT-PU-2024-14830
ALT-PU-2024-6499
ALT-PU-2024-7309
BDU:2024-03188
CVE-2024-3515
DSA-5656-1
MGASA-2024-0150
OPENSUSE-SU-2024:13953-1

Affected Products

Alt Linux
Astra Linux
Debian
Google Chrome
Red Os