Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.6
CVSSv3

CVE-2024-4671

Published: 14/05/2024 Updated: 16/05/2024
CVSS v3 Base Score: 9.6 | Impact Score: 6 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Chrome

Vulnerability Summary

Use after free in Visuals in Google Chrome before 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

google chrome

Vendor Advisories

Google Chrome: Long Term Support Channel Update for ChromeOS
LTS-120 is being updated in the LTS (Long Term Support) channel, version 12006099310 (Platform Version: 156621070), for most ChromeOS devices Release notes for LTS-120 can be found here Want to know more about Long-term Support? Click hereThis update contains selective Security fixes, including:Chrome Browser Security Fixes3392 ...
Google Chrome: Stable Channel Update for Desktop
The Stable channel has been updated to 12406367201/202 for Mac and Windows and 12406367201 for Linux which will roll out over the coming days/weeks A full list of changes in this build is available in the LogThe Extended Stable channel has been updated to 12406367201 for Mac and Windows which will ...

Github Repositories

https://github.com/apiverve/news.NET-API

News API is a simple tool for scraping news data. It returns the news title, description, and more.. This is a .NET API Client for the News API.

News API News API is a simple tool for scraping news data It returns the news title, description, and more This is a NET Wrapper for the News API Installation Using the NET CLI: dotnet add package APIVerveAPINews Using the Package Manager: nuget install APIVerveAPINews Using the Package

https://github.com/apiverve/news-API

News API is a simple tool for scraping news data. It returns the news title, description, and more.

News API News API is a simple tool for scraping news data It returns the news title, description, and more This is a Javascript Wrapper for the News API Installation npm install @apiverve/news --save Configuration Before using the news API client, you have to setup your account and obtain your API Key You can get it by signing up a

Recent Articles

Google fixes third actively exploited Chrome zero-day in a week
BleepingComputer • Sergiu Gatlan • 15 May 2024

Google fixes third actively exploited Chrome zero-day in a week By Sergiu Gatlan May 15, 2024 06:36 PM 2 ​Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week. "Google is aware that an exploit for CVE-2024-4947 exists in the wild," the search giant said in a security advisory published on Wednesday. The high-severity zero-day vulnerability (CVE-2024-4947) is caused by a type confusion weakness in the Chrome V8...

Read more...
Google patches third exploited Chrome zero-day in a week
BleepingComputer • Sergiu Gatlan • 15 May 2024

Google patches third exploited Chrome zero-day in a week By Sergiu Gatlan May 15, 2024 06:36 PM 0 ​Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week. "Google is aware that an exploit for CVE-2024-4947 exists in the wild," the search giant said in a security advisory published on Wednesday. The company fixed the zero-day flaw with the release of 125.0.6422.60/.61 for Mac/Windows and 125.0.6422.60 (Linux). Th...

Read more...
Google Chrome emergency update fixes 6th zero-day exploited in 2024
BleepingComputer • Bill Toulas • 14 May 2024

Google Chrome emergency update fixes 6th zero-day exploited in 2024 By Bill Toulas May 14, 2024 04:10 AM 0 Google has released emergency security updates for the Chrome browser to address a high-severity zero-day vulnerability tagged as exploited in attacks. This fix comes only three days after Google addressed another zero-day vulnerability in Chrome, CVE-2024-4671, caused by a use-after-free weakness in the Visuals component. The latest bug is tracked as CVE-2024-4761. It is an out-of-bounds w...

Read more...
Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws
BleepingComputer • Lawrence Abrams • 14 May 2024

Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws By Lawrence Abrams May 14, 2024 01:49 PM 0 .crit { font-weight:bold; color:red; } .article_section td { font-size: 14px!important; } Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days. This Patch Tuesday only fixes one critical vulnerability, a Microsoft SharePoint Server Remote Code Execution Vulnerability. The number of bugs in each vu...

Read more...
Google fixes fifth Chrome zero-day exploited in attacks this year
BleepingComputer • Bill Toulas • 10 May 2024

Google fixes fifth Chrome zero-day exploited in attacks this year By Bill Toulas May 10, 2024 04:08 AM 0 ​Google has released a security update for the Chrome browser to fix the fifth zero-day vulnerability exploited in the wild since the start of the year. The high-severity issue tracked as CVE-2024-4671 is a “user after free” vulnerability in the Visuals component that handles the rendering and display of content on the browser. CVE-2024-4671 was discovered and reported to Google by an a...

Read more...

References

CWE-416https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.htmlhttps://issues.chromium.org/issues/339266700https://nvd.nist.govhttps://github.com/apiverve/news.NET-APIhttps://chromereleases.googleblog.com/2024/05/long-term-support-channel-update-for.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injectionCVE-2024-35894SQLCVE-2024-5105CVE-2014-100005CVE-2024-35895unauthorizedCVE-2024-22120CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook