PT-2024-3165 · Google+5 · Google Chrome+6

Published

2024-04-08

Updated

2024-12-19

CVE-2024-4059

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 124.0.6367.78 Microsoft Edge (affected versions not specified)

Description: The issue is related to an out of bounds read in the V8 JavaScript engine handler interface, which can allow a remote attacker to leak cross-site data via a crafted HTML page. This can potentially lead to unauthorized access to protected information when a specially crafted malicious web page is opened.

Recommendations: For Google Chrome versions prior to 124.0.6367.78, update to version 124.0.6367.78 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2024-10294

ALT-PU-2024-10425

ALT-PU-2024-10427

ALT-PU-2024-14286

ALT-PU-2024-14830

ALT-PU-2024-15041

ALT-PU-2024-15575

ALT-PU-2024-7122

ALT-PU-2024-7309

BDU:2024-03378

CVE-2024-4059

DSA-5675-1

OPENSUSE-SU-2024:13953-1

Affected Products

Alt Linux

Astra Linux

Debian

Google Chrome

Edge

Red Os

V8 Javascript Engine

PT-2024-3165 · Google+5 · Google Chrome+6

CVE-2024-4059

Weakness Enumeration

Related Identifiers

Affected Products

References · 89