Описание
Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
A flaw was found in chromium. A type confusion vulnerability in the V8 JavaScript engine allows a remote attacker to achieve arbitrary read and write operations via a specially crafted HTML page. This allows an attacker to potentially manipulate memory contents. The exploitation vector involves the processing of malicious HTML content. This can lead to arbitrary code execution.
Отчет
Chromium is not shipped in any supported Red Hat offerings.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Ссылки на источники
Дополнительная информация
Статус:
EPSS
8.8 High
CVSS3
Связанные уязвимости
Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a ...
Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю получить доступ на чтение и запись произвольных файлов
EPSS
8.8 High
CVSS3