CVE-2024-9955

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 130.0.6723.58 Microsoft Edge (affected versions not specified)

Description The issue is related to a use-after-free vulnerability in the WebAuthentication (WebAuthn) implementation, allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could impact the confidentiality, integrity, and availability of protected information. The vulnerability is associated with the EnclaveWebSocketClient::OnConnectionEstablished function and requires causing a specific failure in a WebSocket write.

Recommendations For Google Chrome versions prior to 130.0.6723.58, update to version 130.0.6723.58 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to WebAuthn functionality until a patch is available. Avoid using the WebAuthn API in affected browsers until the issue is resolved.