8.8
CVE-2024-7965
- EPSS 14.74%
- Published 21.08.2024 21:15:08
- Last modified 18.09.2024 12:40:05
- Source chrome-cve-admin@google.com
- Teams watchlist Login
- Open Login
Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Edge Chromium Version < 128.0.2739.42
28.08.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog
Google Chromium V8 Inappropriate Implementation Vulnerability
VulnerabilityGoogle Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
DescriptionApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 14.74% | 0.942 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-358 Improperly Implemented Security Check for Standard
The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.