CVE-2024-2176

2024-03-0618:34:06

Chrome

github.com

google chrome

use after free

heap corruption

fedcm

html page

remote attacker

AI Score

6.5

Confidence

High

SSVC

Exploitation

poc

Automatable

Technical Impact

total

JSON

Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"
    ],
    "vendor": "google",
    "product": "chrome",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "122.0.6261.111",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*"
    ],
    "vendor": "fedoraproject",
    "product": "fedora",
    "versions": [
      {
        "status": "affected",
        "version": "40"
      }
    ],
    "defaultStatus": "unknown"
  }
]