CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3157
https://notcve.org/view.php?id=CVE-2024-3157
Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: High) El acceso a la memoria fuera de los límites en Compositing en Google Chrome anterior a 123.0.6312.122 permitía a un atacante remoto que había comprometido el proceso de la GPU realizar potencialmente un escape de la zona de pruebas mediante gestos específicos de la interfaz de usuario. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html https://issues.chromium.org/issues/331237485 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EW66LXDACTB5FCHLUPZOGD2KA2J62Q2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDHNEFD76ORM7WBWAEZT6HSYDMZVIED4 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3156
https://notcve.org/view.php?id=CVE-2024-3156
Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) La implementación inapropiada en V8 en Google Chrome anterior a 123.0.6312.105 permitió a un atacante remoto realizar potencialmente un acceso a la memoria fuera de los límites a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/329130358 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3158
https://notcve.org/view.php?id=CVE-2024-3158
Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Use after free en Bookmarks de Google Chrome anterior a 123.0.6312.105 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/329965696 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3159 – Google Chrome V8 Enum Cache Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-3159
Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) El acceso a memoria fuera de los límites en V8 en Google Chrome anterior a 123.0.6312.105 permitía a un atacante remoto realizar lectura/escritura arbitraria a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the enum cache in V8. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. • https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop.html https://issues.chromium.org/issues/330760873 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 3CVE-2024-2887 – Google Chrome WASM Improper Input Validation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-2887
Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) Type Confusion en WebAssembly en Google Chrome anterior a 123.0.6312.86 permitía a un atacante remoto ejecutar código arbitrario a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of WebAssembly. By specifying a large number of structures, an attacker can cause the compiler to emit unsafe code. • https://github.com/rycbar77/CVE-2024-2887 https://github.com/PumpkinBridge/Chrome-CVE-2024-2887-RCE-Poc https://github.com/PumpkinBridge/Chrome-CVE-2024-2887-RCE-POC https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html https://issues.chromium.org/issues/330588502 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YUWGSMA5X2NQP5XEFCLRWNX6246GZ2C https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G3R •