CVE-2023-7024
CVE-2023-7024
In short
A flaw in Google Chrome's WebRTC feature allows attackers to corrupt memory through a specially crafted webpage, potentially crashing your browser or enabling more serious attacks.
Technical detail
Heap buffer overflow in WebRTC component allows remote code execution or denial of service via crafted HTML. Attack requires user interaction (visiting malicious page); impacts memory integrity and sandbox bypass potential.
Summary generated and translated by AI from the official description.
Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chromepublic PoCs found — 2
githubgithub.com/aka76bm/chrome-emergency-update★ 1githubgithub.com/aka76bm/google-chrome-emergency-update★ 1⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.htmlhttps://crbug.com/1513170https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6M6AJDHUL6EDPURWQXGLUFJNDE7SOJT3/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JL4VHZMHFGEGQYTF74533ZNRWMCMMR/https://security.gentoo.org/glsa/202401-34https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-7024https://www.debian.org/security/2023/dsa-5585