CVE-2024-7966
Multiple vulnerabilities exist in various components of Google Chrome, including V8, Views and PDFium. The main causes include various memory management issues as well as errors in the implementation and enforcement of policies. A remote, anonymous attacker can exploit these vulnerabilities to execute arbitrary code, perform UI spoofing, bypass security mechanisms and possibly cause other unspecified effects. Successful exploitation requires user interaction, such as loading a specially crafted web page.
EPSS 0.85% · 75.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Google | Chrome | <128.0.6613.85 |
| Microsoft | Microsoft Edge | <128.0.2739.42 |
| Debian | Debian Linux | |
| Google | Chrome | <128.0.6613.84 |
| Microsoft | Microsoft Edge Android | |
| SUSE | SUSE openSUSE | |
Exploit Intelligence
- PoC for a Chrome SKSL bypass + integer overflow -> OOB write vulnerability I reported to Google in Skia. (github-poc-repo)
- PoC for a Chrome SKSL bypass + integer overflow -> OOB write vulnerability I reported to Google in Skia. (github-poc)
…and 7 more exploits
Timeline
- Aug 21, 2024 CVE Published
- Aug 22, 2024 EPSS Score
- Aug 27, 2024 CVE Updated
- Sep 12, 2024 EPSS Score
- Oct 2, 2024 EPSS Score
- Oct 5, 2024 Coalition ESS Score
- Nov 12, 2024 EPSS Score
- Dec 4, 2024 EPSS Score
- Dec 24, 2024 EPSS Score
- Jan 14, 2025 EPSS Score
- Feb 24, 2025 EPSS Score
- Mar 16, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1901.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1901 advisory
- https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/QKC6ROFWBIXXM5S5SYRWQ74OU24BX5KT/ advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/G5G3DFUIZH3E3T5UIPSI3LSGCI5KE3NF/ advisory
- https://lists.debian.org/debian-security-announce/2024/msg00170.html advisory
- https://lists.debian.org/debian-security-announce/2024/msg00174.html advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/RIZKO6CBLHDIQSHSR5OD4LHRUHJOZWTG/ advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RIZKO6CBLHDIQSHSR5OD4LHRUHJOZWTG/ advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/TJMLQH7THP267EBNFZ3ECENLIIFCBW5H/ advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/GYIF7RESU4PKGREHH5YVHUYYGB57P4CQ/ advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1917.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1917 advisory
- https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#august-22-2024 advisory