CVE-2024-7971

Опубликовано: 21 авг. 2024

Источник: redhat

CVSS3: 9.6

EPSS Низкий

Описание

Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

A type confusion vulnerability was found in the Chromium web browser. This flaw allows an unauthenticated, remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Отчет

Chromium is not shipped in any supported Red Hat offerings.

Меры по смягчению последствий

Until updated packages are released for Fedora and EPEL, consider temporarily swapping to an alternative web browser such as Firefox or severely restricting activity to sites you know well and trust.

Ссылки на источники

https://www.cve.org/CVERecord?id=CVE-2024-7971

Дополнительная информация

Статус:

Important

Дефект:

CWE-843

https://bugzilla.redhat.com/show_bug.cgi?id=2307092chromium-browser: Type confusion in V8 in Google Chrome allows a remote attacker to exploit heap corruption via a crafted HTML page

EPSS

Процентиль: 57%

0.00351

Низкий

9.6 Critical

CVSS3

Связанные уязвимости

CVE-2024-7971

CVSS3: 9.6

ubuntu

10 месяцев назад

Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2024-7971

CVSS3: 9.6

nvd

10 месяцев назад

Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2024-7971

msrc

10 месяцев назад

Chromium: CVE-2024-7971 Type confusion in V8

CVE-2024-7971

CVSS3: 9.6

debian

10 месяцев назад

Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a ...

openSUSE-SU-2024:0275-1

suse-cvrf

10 месяцев назад

Security update for opera

EPSS

Процентиль: 57%

0.00351

Низкий

9.6 Critical

CVSS3