CVE-2024-3171 — Vulnetix

CVE-2024-3171 PUBLISHED CVSS 7.5 HIGH

Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)

EPSS 1.09% · 78.2th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

1.09%

78.2th percentile

Affected Products

Vendor	Product	Versions
Google	Chrome	122.0.6261.57
google	chrome	0
google	chrome	0

Timeline

Jul 16, 2024 CVE Published
Jul 17, 2024 EPSS Score
Aug 1, 2024 CVE Updated
Aug 8, 2024 EPSS Score
Aug 29, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 12, 2024 EPSS Score
Nov 3, 2024 EPSS Score
Nov 24, 2024 EPSS Score
Dec 17, 2024 EPSS Score
Jan 8, 2025 EPSS Score
Jan 30, 2025 EPSS Score

References

https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html url
https://issues.chromium.org/issues/41483350 url
https://nvd.nist.gov/vuln/detail/CVE-2024-3171 advisory

Open in Interactive Console →