CVE-2024-4671
CVE-2024-4671
In short
A flaw in Google Chrome's visual rendering allows an attacker who already controls the browser's renderer process to escape the security sandbox through a specially crafted webpage, potentially gaining full system access.
Technical detail
Use-after-free vulnerability in the Visuals component allows a compromised renderer process to bypass sandbox isolation via crafted HTML. The attacker must first compromise the renderer, then trigger memory access after object deallocation to achieve arbitrary code execution with elevated privileges.
Summary generated and translated by AI from the official description.
Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected products
Google · ChromeWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.htmlhttps://issues.chromium.org/issues/339266700https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BWFSZNNWSQYDRYKNLBDGEXXKMBXDYQ3F/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FAWEKDQTHPN7NFEMLIWP7YMIZ2DHF36N/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NTSN22LNYXMWHVTYNOYQVOY7VDZFHENQ/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSUWM73ZCXTN62AT2REYQDD5ZKPFMDZD/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4671