VDB
CVE-2024-2176
CVE-2024-2176
PUBLISHED
In Google Chrome und Microsoft Edge bestehen mehrere Schwachstellen. Diese Fehler bestehen in den V8- und FedCM-Komponenten aufgrund eines Out-of-bounds-Speicherzugriffs und eines Use-after-free-Problems. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.
EPSS 1.33% · 80.3th percentile
Risk Scores
EPSS Score
1.33%
80.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Google Chrome <122.0.6261.111 | ||
| Google Chrome <122.0.6261.112 | ||
| Microsoft | Microsoft Edge <123.0.2420.65 | |
| IGEL | IGEL OS 11 | |
| Debian | Debian Linux | |
| Gentoo | Gentoo Linux | |
| IGEL | IGEL OS 12 | |
| Microsoft | Microsoft Edge <122.0.2365.113 | |
| Fedora | Fedora Linux | |
| Microsoft | Microsoft Edge <122.0.2365.80 |
Exploit Intelligence
- CIRCL seen: CVE-2024-2176 (circl-sighting)
- CIRCL seen: CVE-2024-2176 (circl-sighting)
- CIRCL seen: CVE-2024-2176 (circl-sighting)
- CIRCL seen: CVE-2024-2176 (circl-sighting)
- https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html (circl)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYEGSHTMXIPXD5OW5CXVWQS3ZUBCBSXG/ (circl)
- https://issues.chromium.org/issues/325936438 (nist-nvd)
Timeline
- Mar 5, 2024 CVE Published
- Mar 6, 2024 PoC Published
- Mar 6, 2024 PoC Published
- Mar 7, 2024 EPSS Score
- Mar 7, 2024 PoC Published
- Mar 8, 2024 PoC Published
- Apr 2, 2024 EPSS Score
- Apr 28, 2024 EPSS Score
- May 25, 2024 EPSS Score
- Jun 20, 2024 EPSS Score
- Jul 16, 2024 EPSS Score
- Aug 15, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0557.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0557 advisory
- https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2024-80032b2fed advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2024-f781c993fe advisory
- https://lists.debian.org/debian-security-announce/2024/msg00042.html advisory
- https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#march-7-2024 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-a461023d55 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2024-5dacab5f00 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-c8094838a7 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-0128b1edbe advisory
- https://kb.igel.com/securitysafety/en/isn-2024-07-chromium-vulnerabilities-119870009.html advisory
- https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#march-29-2024 advisory
- https://security.gentoo.org/glsa/202412-05 advisory