VDB
CVE-2024-3156
CVE-2024-3156
PUBLISHED
Es existieren mehrere Schwachstellen in Google Chrome und Microsoft Edge aufgrund einer unsachgemäßen Implementierung und Fehlern bei Speicherzugriffen. Ein Angreifer kann diese Schwachstellen ausnutzen, um potenziell beliebigen Code auszuführen oder andere, nicht näher beschriebene Auswirkungen zu erzielen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
EPSS 1.24% · 79.6th percentile
Risk Scores
EPSS Score
1.24%
79.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | |
| Google Chrome <123.0.6312.105 | ||
| Fedora | Fedora Linux | |
| Google Chrome <123.0.6312.106 | ||
| Google Chrome <123.0.6312.107 | ||
| SUSE | SUSE openSUSE | |
| Gentoo | Gentoo Linux | |
| Microsoft | Microsoft Edge <123.0.2420.81 | |
| Microsoft | Microsoft Edge |
Exploit Intelligence
- CIRCL seen: CVE-2024-3156 (circl-sighting)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U26WECLV5QAQVTIFAUDSRO6QX3NTHYVC/ (circl)
- https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop.html (circl)
- https://issues.chromium.org/issues/329130358 (circl)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP/ (circl)
Timeline
- Apr 2, 2024 CVE Published
- Apr 7, 2024 EPSS Score
- May 2, 2024 EPSS Score
- May 9, 2024 PoC Published
- Jun 22, 2024 EPSS Score
- Jul 17, 2024 EPSS Score
- Sep 5, 2024 EPSS Score
- Oct 1, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 26, 2024 EPSS Score
- Dec 8, 2024 CVE Updated
- Dec 16, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0765.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0765 advisory
- https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop.html advisory
- https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#april-3-2024 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2024-5e32ce95a3 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2024-39b249a59c advisory
- https://lists.debian.org/debian-security-announce/2024/msg00062.html advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2024-f92626814d advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-7bc0a1d338 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-fe061342ca advisory
- https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#april-4-2024 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-3cb841c5f0 advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2S7S4HVABEMIRHPQD4H3O6EA36PLCUCI/ advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/2S7S4HVABEMIRHPQD4H3O6EA36PLCUCI/ advisory
- https://security.gentoo.org/glsa/202412-05 advisory