CVE-2024-3837

2024-04-1708:15:10

Google

osv.dev

google chrome

quic

use after free

vulnerability

cve-2024-3837

heap corruption

renderer process

remote attacker

html page

software

security severity: medium

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.7%

JSON

Use after free in QUIC in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CPENameOperatorVersion
chromiumeq114.0.5735.133-1
chromiumeq119.0.6045.159-1~deb12u1
chromiumeq124.0.6367.118-1
chromiumeq106.0.5249.91-1~deb11u1
chromiumeq112.0.5615.49-1
chromiumeq100.0.4896.60-1~deb11u1
chromiumeq106.0.5249.91-1
chromiumeq116.0.5845.180-1~deb12u1
chromiumeq90.0.4430.212-1
chromiumeq120.0.6099.224-1~deb12u1

Name	Operator	Version
chromium	eq	114.0.5735.133-1
chromium	eq	119.0.6045.159-1~deb12u1
chromium	eq	124.0.6367.118-1
chromium	eq	106.0.5249.91-1~deb11u1
chromium	eq	112.0.5615.49-1
chromium	eq	100.0.4896.60-1~deb11u1
chromium	eq	106.0.5249.91-1
chromium	eq	116.0.5845.180-1~deb12u1
chromium	eq	90.0.4430.212-1
chromium	eq	120.0.6099.224-1~deb12u1