PT-2024-6478 · Google+3 · V8+4
Published
2024-04-15
·
Updated
2025-03-19
·
CVE-2024-7024
CVSS v3.1
9.6
Critical
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Google Chrome versions prior to 126.0.6478.54
Description
The issue is related to an inappropriate implementation in V8, a component of Google Chrome, which could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This could lead to the disclosure of protected information. The vulnerability is associated with the use of memory after it has been freed.
Recommendations
For Google Chrome versions prior to 126.0.6478.54, upgrade to version 126.0.6478.54 or later to mitigate the risk of remote exploitation. As a temporary workaround, consider restricting the use of the V8 component until a patch is applied. Avoid using specially crafted HTML pages that could trigger the vulnerability.
Exploit
Fix
Memory Corruption
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Google Chrome
V8