Lucene search

K

[email protected]NVD:CVE-2024-4331

HistoryMay 01, 2024 - 1:15 p.m.

CVE-2024-4331

2024-05-0113:15:52

CWE-416

[email protected]

web.nvd.nist.gov

1

chrome

vulnerability

picture in picture

heap corruption

html page

remote attacker

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

10.3%

Use after free in Picture In Picture in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

References

chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html

issues.chromium.org/issues/335003891

lists.fedoraproject.org/archives/list/[email protected]/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/

lists.fedoraproject.org/archives/list/[email protected]/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/

lists.fedoraproject.org/archives/list/[email protected]/message/L7I4FMQSOVTCIIH4XT2MJGEQRUACLPB6/

lists.fedoraproject.org/archives/list/[email protected]/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/

lists.fedoraproject.org/archives/list/[email protected]/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

10.3%

Related for NVD:CVE-2024-4331

veracode1 ubuntucve1 cve1 cvelist1 debiancve1 alpinelinux1 cgr1 vulnrichment1 osv2 mscve1 wolfi1 openvas11 debian1 chrome1 nessus10 kaspersky2 mageia1 fedora5 freebsd2 redos1 rapid7blog1