CVE-2024-0808

CRITICAL

Google Chrome <121.0.6167.85 - Heap Corruption

Title source: llm

Description

Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)

References (4)

[Release Notes, Vendor Advisory] https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html

[Permissions Required] https://crbug.com/1504936

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/

Scores

CVSS v3 9.8

EPSS 0.0034

EPSS Percentile 57.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-191

Status published

Products (4)

debian/debian_linux 11.0

fedoraproject/fedora 38

fedoraproject/fedora 39

google/chrome < 121.0.6167.85

Published Jan 24, 2024

Tracked Since Feb 18, 2026