INFESA-2024:0004: chromium security update (Important)
Information about definition
Identificator: INFESA-2024:0004
Type: security
Release date: 2024-09-18 12:42:34 UTC
Information about package
Chromium is an open-source web browser, powered by WebKit (Blink)
Vulnerabilities description
- CVE-2024-8636
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-8637
Use after free in Media Router in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-8638
Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-8639
Use after free in Autofill in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-8636
|
no information | 8.8 | no information |
|
NIST — CVE-2024-8637
|
no information | 8.8 | no information |
|
NIST — CVE-2024-8638
|
no information | 8.8 | no information |
|
NIST — CVE-2024-8639
|
no information | 8.8 | no information |
Updated packages