CVE-2024-5493

2024-05-3023:15:48

Google

osv.dev

webrtc

google chrome

buffer overflow

security vulnerability

heap corruption

html page

remote attacker

software

cve-2024-5493

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CPENameOperatorVersion
chromiumeq99.0.4844.51-2
chromiumeq114.0.5735.133-1
chromiumeq122.0.6261.57-1~deb12u1
chromiumeq104.0.5112.101-1
chromiumeq122.0.6261.128-1
chromiumeq107.0.5304.87-1~deb11u1
chromiumeq101.0.4951.41-1~deb11u1
chromiumeq118.0.5993.70-1
chromiumeq90.0.4430.212-1
chromiumeq115.0.5790.98-1~deb12u1

Name	Operator	Version
chromium	eq	99.0.4844.51-2
chromium	eq	114.0.5735.133-1
chromium	eq	122.0.6261.57-1~deb12u1
chromium	eq	104.0.5112.101-1
chromium	eq	122.0.6261.128-1
chromium	eq	107.0.5304.87-1~deb11u1
chromium	eq	101.0.4951.41-1~deb11u1
chromium	eq	118.0.5993.70-1
chromium	eq	90.0.4430.212-1
chromium	eq	115.0.5790.98-1~deb12u1