CVE-2024-3159

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 123.0.6312.105

Description The issue is related to out of bounds memory access in the V8 engine of Google Chrome, allowing a remote attacker to perform arbitrary read/write via a crafted HTML page. This can lead to remote code execution. The vulnerability was demonstrated at Pwn2Own 2024, where it was successfully exploited, and the attackers earned $42,500. The Chromium security severity of this issue is High.

Recommendations For Google Chrome versions prior to 123.0.6312.105, update to version 123.0.6312.105 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable web pages until the update is applied. Avoid using Google Chrome to access untrusted websites or HTML pages until the issue is resolved.