CVE-2024-3833

Advisory lineage Upstream: 0 Downstream: 5

Downstream

DEBIAN-CVE-2024-3833 DSA-5668-1 OPENSUSE-SU-2024:0128-1 OPENSUSE-SU-2024:0156-1 OPENSUSE-SU-2024:13953-1

Analyzed

Published: 17 Apr 2024, 07:46

Last modified:13 Feb 2025, 17:53

Vulnerability Summary

Overall Risk (default)

medium

46/100

CVSS Score

8.8 HIGH

v3.1 (cve.org)

EPSS Score

4.15% LOW

4% probability +0.11%

KEV

Not listed

Ransomware

No reports

Public exploits

1 found

Dark Web

Not detected

Timeline

17 Apr 2024, 07:46

Published

Vulnerability first disclosed

13 Feb 2025, 17:53

Last Modified

Vulnerability information updated

Description

Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

CVSS Metrics

v3.1•HIGH•Score: 8.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 4.15%• Percentile: 89%

Techniques & Countermeasures

CWE-374•Passing Mutable Objects to an Untrusted Method
The product sends non-cloned mutable data as an argument to a method or function.

Affected Systems

fedoraproject•fedora
38 | 39 | 40
Unknown•Chrome
≥ 124.0.6367.60, < 124.0.6367.60 | < 124.0.6367.60