Gentoo update for Chromium, Google Chrome, Microsoft Edge. Opera
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 33 |
| CVE-ID | CVE-2024-1669 CVE-2024-1670 CVE-2024-1671 CVE-2024-1672 CVE-2024-1673 CVE-2024-1674 CVE-2024-1675 CVE-2024-1676 CVE-2024-2173 CVE-2024-2174 CVE-2024-2176 CVE-2024-2400 CVE-2024-2625 CVE-2024-2626 CVE-2024-2627 CVE-2024-2628 CVE-2024-2883 CVE-2024-2885 CVE-2024-2886 CVE-2024-2887 CVE-2024-3156 CVE-2024-3158 CVE-2024-3159 CVE-2024-3832 CVE-2024-3833 CVE-2024-3834 CVE-2024-4058 CVE-2024-4059 CVE-2024-4060 CVE-2024-4331 CVE-2024-4368 CVE-2024-4558 CVE-2024-4559 |
| CWE-ID | CWE-119 CWE-416 CWE-358 CWE-264 CWE-664 CWE-125 CWE-843 CWE-122 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #20 is available. |
| Vulnerable software |
Gentoo Linux Operating systems & Components / Operating system www-client/microsoft-edge Operating systems & Components / Operating system package or component www-client/google-chrome Operating systems & Components / Operating system package or component www-client/chromium Operating systems & Components / Operating system package or component ww-client/microsoft-edge Operating systems & Components / Operating system package or component www-client/opera Operating systems & Components / Operating system package or component |
| Vendor | Gentoo |
Security Bulletin
This security bulletin contains information about 33 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU86660
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-1669
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in Blink in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU86661
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-1670
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Mojo component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improperly implemented security check for standard
EUVDB-ID: #VU86662
Risk: High
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-1671
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Site Isolation in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improperly implemented security check for standard
EUVDB-ID: #VU86663
Risk: High
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-1672
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Content Security Policy in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use-after-free
EUVDB-ID: #VU86664
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-1673
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Accessibility in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improperly implemented security check for standard
EUVDB-ID: #VU86665
Risk: High
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-1674
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Navigation in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU86666
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-1675
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in Download in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improperly implemented security check for standard
EUVDB-ID: #VU86667
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-1676
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Navigation in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Buffer overflow
EUVDB-ID: #VU87157
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-2173
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in V8 in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improperly implemented security check for standard
EUVDB-ID: #VU87158
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-2174
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect implementation in V8 in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free
EUVDB-ID: #VU87159
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-2176
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the FedCM component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Use-after-free
EUVDB-ID: #VU87493
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-2400
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Performance Manager component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper control of a resource through its lifetime
EUVDB-ID: #VU87632
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-2625
CWE-ID:
CWE-664 - Improper control of a resource through its lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper control of object lifetime in V8 in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Out-of-bounds read
EUVDB-ID: #VU87633
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-2626
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Swiftshader component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Use-after-free
EUVDB-ID: #VU87634
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-2627
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Canvas in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Improperly implemented security check for standard
EUVDB-ID: #VU87635
Risk: High
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-2628
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Downloads in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Use-after-free
EUVDB-ID: #VU87835
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-2883
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the ANGLE component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Use-after-free
EUVDB-ID: #VU87836
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-2885
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Dawn component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Use-after-free
EUVDB-ID: #VU87837
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-2886
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the WebCodecs component in Google Chrome within the implementation of the VideoFrame API. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Type Confusion
EUVDB-ID: #VU87838
Risk: High
CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2024-2887
CWE-ID:
CWE-843 - Type confusion
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the WebAssembly component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
21) Improperly implemented security check for standard
EUVDB-ID: #VU88005
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-3156
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect implementation in V8 in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Use-after-free
EUVDB-ID: #VU88006
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-3158
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Bookmarks component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Buffer overflow
EUVDB-ID: #VU88007
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-3159
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in V8 in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Buffer overflow
EUVDB-ID: #VU88737
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-3832
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in V8 in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger memory corruption and execute arbitrary code on the system.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Buffer overflow
EUVDB-ID: #VU88738
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-3833
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in WebAssembly in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger memory corruption and execute arbitrary code on the system.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Use-after-free
EUVDB-ID: #VU88726
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-3834
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Downloads component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Type Confusion
EUVDB-ID: #VU88973
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-4058
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error in ANGLE. A remote attacker can trick the victim to visit a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Out-of-bounds read
EUVDB-ID: #VU88971
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-4059
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the V8 API component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Use-after-free
EUVDB-ID: #VU88972
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-4060
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Dawn component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Use-after-free
EUVDB-ID: #VU89079
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-4331
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Picture In Picture component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Use-after-free
EUVDB-ID: #VU89080
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-4368
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Dawn component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Use-after-free
EUVDB-ID: #VU89232
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-4558
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the ANGLE component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Heap-based buffer overflow
EUVDB-ID: #VU89233
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-4559
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in WebAudio. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
ww-client/microsoft-edge to version: 124.0.6367.155
www-client/chromium to version: 124.0.6367.155
www-client/google-chrome to version: 124.0.2478.97
www-client/microsoft-edge to version: 110.0.5130.35
www-client/opera to version:
Gentoo Linux: All versions
www-client/microsoft-edge: before 110.0.5130.35
www-client/google-chrome: before 124.0.2478.97
www-client/chromium: before 124.0.6367.155
ww-client/microsoft-edge: before 124.0.6367.155
www-client/opera: before 73.0.3856.284
CPE2.3- cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:www-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_google-chrome:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_chromium:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:ww-client_microsoft-edge:*:*:*:*:*:gentoo_linux:*:*
- cpe:2.3:o:gentoo:www-client_opera:*:*:*:*:*:gentoo_linux:*:*
http://security.gentoo.org/glsa/202412-05
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
