CVERadar

CVE-2024-0225

Critical Severity

Google

SVRS

77/100

CVSSv3

8.8/10

EPSS

0.00565/1

CVE-2024-0225 is a use-after-free vulnerability affecting Google Chrome's WebGPU implementation. Before version 120.0.6099.199, this flaw allowed a remote attacker to potentially cause heap corruption through a specially crafted HTML page. While the CVSS score is 8.8 (High), the SOCRadar Vulnerability Risk Score (SVRS) is 77, indicating a significant risk level that warrants close attention. A successful exploit could lead to arbitrary code execution or denial of service. This Chrome vulnerability highlights the ongoing challenges in maintaining memory safety in complex browser components. Organizations should prioritize updating Chrome installations to mitigate this threat. The use-after-free vulnerability makes the system unstable and exploitable.

TAGS

No tags available

VECTOR STRING

CVSS:3.1

AV:N

AC:L

PR:N

UI:R

S:U

C:H

I:H

A:H

PUBLICATION DATE2024-01-04

LAST MODIFIED2024-01-31

SOCRadar

AI Insight

Description:

CVE-2024-0225 is a use-after-free vulnerability in WebGPU in Google Chrome prior to 120.0.6099.199. This vulnerability allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. The CVSS score for this vulnerability is 0, indicating a low severity level. However, the SOCRadar Vulnerability Risk Score (SVRS) for this vulnerability is 0, indicating a critical vulnerability that requires immediate action.

Key Insights:

The vulnerability is a use-after-free issue, which is a common type of memory corruption vulnerability that can lead to arbitrary code execution.
The vulnerability can be exploited remotely via a crafted HTML page, making it easy for attackers to target users.
The vulnerability affects Google Chrome prior to version 120.0.6099.199, which is a widely used web browser.

Mitigation Strategies:

Update Google Chrome to version 120.0.6099.199 or later.
Use a web browser that is not affected by this vulnerability, such as Firefox or Microsoft Edge.
Enable security features in your web browser, such as sandboxing and exploit mitigations.
Be cautious when clicking on links or opening attachments in emails from unknown senders.

Additional Information:

Threat Actors/APT Groups: There is no information available about specific threat actors or APT groups actively exploiting this vulnerability.
Exploit Status: There is no information available about active exploits for this vulnerability.
CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning about this vulnerability.
In the Wild: There is no information available about whether this vulnerability is being actively exploited by hackers.

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

The January 2024 Security Update Review

Dustin Childs2024-01-09

The January 2024 Security Update Review | Welcome to the first patch Tuesday of 2024. As expected, Microsoft and Adobe have released their latest security patches. Take a break from your other activities and join us as we review the details of their latest advisories. If you’d rather watch the video recap, you can check it out here: Adobe Patches for January 2024For January, Adobe released a single patch addressing six CVEs in <a

cve-2024-21307

cve-2024-20700

cve-2024-21313

cve-2024-20696

Social Media

No tweets found for this CVE

Affected Software

Configuration 1

Type	Vendor	Product
App	Google	chrome

Configuration 2

Type	Vendor	Product
OS	Fedoraproject	fedora

References

Reference	Link
[email protected]	https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html
[email protected]	https://crbug.com/1506923
[email protected]	https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html
[email protected]	https://crbug.com/1506923
[email protected]	https://lists.fedoraproject.org/archives/list/[email protected]/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/
[email protected]	https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html
[email protected]	https://crbug.com/1506923
[email protected]	https://lists.fedoraproject.org/archives/list/[email protected]/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/
[email protected]	https://lists.fedoraproject.org/archives/list/[email protected]/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/
[email protected]	https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html
[email protected]	https://crbug.com/1506923
[email protected]	https://lists.fedoraproject.org/archives/list/[email protected]/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/
[email protected]	https://lists.fedoraproject.org/archives/list/[email protected]/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/
[email protected]	https://security.gentoo.org/glsa/202401-34

CWE Details

CWE ID	CWE Name	Description
CWE-416	Use After Free	Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence