PT-2024-3166 · Google+4 · Google Chrome+4

Bao Pham

Published

2024-04-02

Updated

2024-12-27

CVE-2024-4058

CVSS v3.1

Critical

Vector

AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 124.0.6367.78

Description: The issue is related to a type confusion in the ANGLE graphics layer engine, which could allow a remote attacker to exploit heap corruption via a crafted HTML page. This could potentially enable the attacker to bypass sandbox protection mechanisms and execute arbitrary code. The severity of this issue is considered critical.

Recommendations: For Google Chrome versions prior to 124.0.6367.78, update to version 124.0.6367.78 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable web pages or disabling the use of the ANGLE graphics layer engine until a patch is applied.

Exploit

Fix

Type Confusion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-843

Related Identifiers

ALT-PU-2024-10294

ALT-PU-2024-10425

ALT-PU-2024-10427

ALT-PU-2024-14286

ALT-PU-2024-14830

ALT-PU-2024-15041

ALT-PU-2024-15575

ALT-PU-2024-7122

ALT-PU-2024-7309

BDU:2024-03379

CVE-2024-4058

DSA-5675-1

OPENSUSE-SU-2024:13924-1

OPENSUSE-SU-2024:13953-1

OPENSUSE-SU-2024:14548-1

Affected Products

Alt Linux

Astra Linux

Debian

Google Chrome

Red Os

PT-2024-3166 · Google+4 · Google Chrome+4

CVE-2024-4058

Weakness Enumeration

Related Identifiers

Affected Products

References · 117