Products
Google Chrome
- before 129.0.6668.70
Source
chrome-cve-admin@google.com
Tags
CVE-2024-9123 details
Published : Sept. 25, 2024, 1:15 a.m.
Last Modified : Sept. 25, 2024, 1:37 a.m.
Last Modified : Sept. 25, 2024, 1:37 a.m.
Description
Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7.1 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-190 | Integer Overflow or Wraparound | The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. |
CWE-472 | External Control of Assumed-Immutable Web Parameter | The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
Base Score
7.1
Exploitability Score
2.8
Impact Score
4.2
Base Severity
HIGH
Vector String : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
References
URL | Source |
---|---|
https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_24.html | chrome-cve-admin@google.com |
https://issues.chromium.org/issues/365884464 | chrome-cve-admin@google.com |
This website uses the NVD API, but is not approved or certified by it.