PT-2024-5463 · Google+5 · Google Chrome+5

Fmyy

+1

·

Published

2024-06-13

·

Updated

2025-03-19

·

CVE-2024-6774

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 126.0.6478.182 Microsoft Edge (affected versions not specified)
Description The issue is related to a use after free vulnerability in the Screen Capture function, which can be exploited by a remote attacker using a crafted HTML page. This could potentially lead to heap corruption, allowing the attacker to gain unauthorized access to protected information, execute arbitrary code, or cause a denial of service. The attacker must convince a user to engage in specific UI gestures to exploit the vulnerability.
Recommendations For Google Chrome versions prior to 126.0.6478.182, update to version 126.0.6478.182 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the Screen Capture function until a patch is available.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2024-10072
ALT-PU-2024-10294
ALT-PU-2024-14830
ALT-PU-2024-14994
ALT-PU-2024-14996
ALT-PU-2024-15041
ALT-PU-2024-15575
ALT-PU-2025-4366
BDU:2024-06112
CVE-2024-6774
DSA-5732-1
MGASA-2024-0273
OPENSUSE-SU-2024:0212-1
OPENSUSE-SU-2024:0212-2
OPENSUSE-SU-2024:0242-1
OPENSUSE-SU-2024:0252-1
OPENSUSE-SU-2024:14205-1
OPENSUSE-SU-2024_0242-1
OPENSUSE-SU-2024_0252-1

Affected Products

Alt Linux
Debian
Google Chrome
Edge
Red Os
Suse