CVE-2024-3837

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-3837
Use after free in QUIC in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html Vendor Advisory
https://issues.chromium.org/issues/41491379 Permissions Required
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/
Configurations

Configuration 1 (hide)

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
History

03 May 2024, 03:16

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/ -

28 Apr 2024, 04:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/ -

23 Apr 2024, 18:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/ -

23 Apr 2024, 02:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/ -

21 Apr 2024, 04:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/ -

19 Apr 2024, 17:20

Type Values Removed Values Added
First Time Google
Google chrome
CWE CWE-416
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
References () https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html - () https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html - Vendor Advisory
References () https://issues.chromium.org/issues/41491379 - () https://issues.chromium.org/issues/41491379 - Permissions Required
CPE cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

17 Apr 2024, 12:48

Type Values Removed Values Added
Summary
  • (es) Use after free en QUIC en Google Chrome anterior a 124.0.6367.60 permitía a un atacante remoto que había comprometido el proceso de renderizado explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chromium: media)

17 Apr 2024, 08:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-17 08:15

Updated : 2024-05-03 03:16

NVD link : CVE-2024-3837

Mitre link : CVE-2024-3837

CVE.ORG link : CVE-2024-3837

JSON object : View

Products Affected

google

  • chrome
CWE
CWE-416

Use After Free