CVE-2024-8636

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 128.0.6613.137 Microsoft Edge (affected versions not specified)

Description A heap buffer overflow in the Skia library of Google Chrome and Microsoft Edge exists due to a boundary error when processing untrusted HTML content. This issue allows a remote attacker to potentially exploit heap corruption via a crafted HTML page, which may lead to remote code execution. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For Google Chrome versions prior to 128.0.6613.137, update to version 128.0.6613.137 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of the Skia library until a patch is available. Avoid using the Skia component in Google Chrome until the issue is resolved.