INFESA-2024:0003: chromium security update (Important)
Information about definition
Identificator: INFESA-2024:0003
Type: security
Release date: 2024-09-11 18:13:38 UTC
Information about package
Chromium is an open-source web browser, powered by WebKit (Blink)
Vulnerabilities description
- CVE-2024-7970
Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-8362
Use after free in WebAudio in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-7970
|
no information | 8.8 | no information |
|
NIST — CVE-2024-8362
|
no information | 8.8 | no information |
Updated packages