VDB
CVE-2024-8636
CVE-2024-8636
PUBLISHED
Es bestehen mehrere Schwachstellen in Google Chrome und Microsoft Edge. Diese betreffen unter anderem die Komponenten V8 und SKIA aufgrund von Heap- Buffer Overflows, Use-After-Free Fehlern und Typkonfusion. Ein entfernter, anonymer Angreifer kann diese Schwachstellen zur Ausführung von beliebigem Code ausnutzen oder nicht näher beschriebene Auswirkungen erzielen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.
EPSS 0.49% · 66.2th percentile
Risk Scores
EPSS Score
0.49%
66.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IGEL | IGEL OS 12 | |
| Debian | Debian Linux | |
| Google Chrome <128.0.6613.137 | ||
| SUSE | SUSE openSUSE | |
| IGEL | IGEL OS 11 | |
| Microsoft | Microsoft Edge <128.0.2739.79 | |
| Google Chrome <128.0.6613.138 | ||
| Fedora | Fedora Linux |
Exploit Intelligence
- PoC for a Chrome integer overflow -> OOB write vulnerability I reported to Google in Skia. (github-poc-repo)
- PoC for a Chrome integer overflow -> OOB write vulnerability I reported to Google in Skia. (github-poc-repo)
- PoC for a Chrome integer overflow -> OOB write vulnerability I reported to Google in Skia. (github-poc-repo)
- PoC for a Chrome integer overflow -> OOB write vulnerability I reported to Google in Skia. (github-poc-repo)
- PoC for a Chrome integer overflow -> OOB write vulnerability I reported to Google in Skia. (github-poc-repo)
- PoC for a Chrome integer overflow -> OOB write vulnerability I reported to Google in Skia. (github-poc-repo)
- PoC for a Chrome integer overflow -> OOB write vulnerability I reported to Google in Skia. (github-poc-repo)
- PoC for a Chrome integer overflow -> OOB write vulnerability I reported to Google in Skia. (github-poc-repo)
- PoC for a Chrome integer overflow -> OOB write vulnerability I reported to Google in Skia. (github-poc-repo)
- PoC for a Chrome integer overflow -> OOB write vulnerability I reported to Google in Skia. (github-poc)
…and 7 more exploits
Timeline
- Sep 10, 2024 CVE Published
- Sep 12, 2024 EPSS Score
- Oct 2, 2024 EPSS Score
- Oct 5, 2024 Coalition ESS Score
- Oct 22, 2024 EPSS Score
- Oct 27, 2024 CVE Updated
- Nov 10, 2024 EPSS Score
- Nov 30, 2024 EPSS Score
- Dec 21, 2024 EPSS Score
- Jan 10, 2025 EPSS Score
- Jan 30, 2025 EPSS Score
- Feb 18, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2107.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2107 advisory
- https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_10.html advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2024-37f95ce86b advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-1434b533be advisory
- https://lists.debian.org/debian-security-announce/2024/msg00181.html advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2024-0a4a65f805 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2024-9e85c72624 advisory
- https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#september-12-2024 advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/X5R3A7VNTZ3JKV7YDW56C7TEUFBJLNKE/ advisory
- https://kb.igel.com/security-safety/current/isn-2024-20-chromium-vulnerabilities advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/GYIF7RESU4PKGREHH5YVHUYYGB57P4CQ/ advisory