CVERadar
CVE-2024-0225
Deep CVE Analysis in Progress
The system is currently conducting an in-depth analysis of the selected CVE. This includes advanced correlation, vulnerability classification, and cross-referencing with real-time threat intelligence sources. Once the analysis is complete, the page will automatically update with enriched vulnerability data and actionable insights.
Security Intelligence Brief
- Published Date: 2024-01-04 01:56:14 UTC
- Modified Date: 2025-06-18 15:42:21 UTC
- Vendor: Google
- Product: Google Chrome
- Affected Component: WebGPU
- Affected Versions: All versions of Google Chrome prior to 120.0.6099.199 are vulnerable.
- Technical Root Cause: The root cause is a 'use after free' error (CWE-416) within the WebGPU component. This occurs when an application continues to use a pointer to memory that has already been deallocated, leading to unpredictable behavior, including data corruption or arbitrary code execution.
- Attack Vector: The attack vector is remote. An attacker can exploit this by enticing a user to visit a crafted HTML page. This typically involves web-based attacks such as phishing, malicious advertisements, or compromised legitimate websites.
- Patch Availability: Google has released a patch for this vulnerability. Users should update their Chrome browser to version 120.0.6099.199 or later.
- General Mitigation: Users should always ensure their web browsers and operating systems are kept up-to-date with the latest security patches to protect against known vulnerabilities.
chrome://version or chrome://settings/help in their browser.- CVE Identifier: CVE-2024-0225
- Chromium Security Advisory: The description notes "Chromium security severity: High," indicating an official advisory from the Chromium project or Google detailing the issue. These advisories typically accompany the release of patched browser versions.
Risk Assessment: The risk associated with CVE-2024-0225 is High, as indicated by its CVSS score of 8.8. This vulnerability allows for remote code execution (via heap corruption) simply by visiting a malicious web page. Given the widespread use of Google Chrome, the potential for a broad impact is significant. Successful exploitation could lead to:
- Compromise of user data
- Installation of malicious software
- Complete system control by an attacker
- Denial of service
Urgency Level: The urgency level is Critical. Immediate action is required to mitigate this threat. Users and organizations should prioritize updating all instances of Google Chrome to version 120.0.6099.199 or newer as quickly as possible. Exploitation of such browser vulnerabilities is common in targeted attacks and can also be incorporated into broader campaigns.
Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNTCVE Radar
Real-time CVE Intelligence & Vulnerability Management Platform
CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.