8.8
CVE-2024-0519
- EPSS 0.23%
- Published 16.01.2024 22:15:37
- Last modified 20.12.2024 19:01:11
- Source chrome-cve-admin@google.com
- Teams watchlist Login
- Open Login
Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Data is provided by the National Vulnerability Database (NVD)
Fedoraproject ≫ Fedora Version38
Fedoraproject ≫ Fedora Version39
Couchbase ≫ Couchbase Server Version < 7.2.5
17.01.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog
Google Chromium V8 Out-of-Bounds Memory Access Vulnerability
VulnerabilityGoogle Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
DescriptionApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.453 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.