CVERadar

CVE-2024-10488

Medium Severity
Google
SVRS: 36/100
CVSSv3: 8.8/10
EPSS: 0.00221/1

CVE-2024-10488 is a use-after-free vulnerability in Google Chrome's WebRTC implementation. Prior to version 130.0.6723.92, a remote attacker could exploit heap corruption by crafting a malicious HTML page. This flaw could allow attackers to execute arbitrary code or cause a denial-of-service condition. The Chromium security severity is rated as High. While the CVSS score is 8.8, SOCRadar's Vulnerability Risk Score (SVRS) is 36, indicating a lower but still noteworthy risk level, despite the vulnerability being tagged as "In The Wild". This discrepancy suggests that while the vulnerability is being actively exploited, the scope or impact may be limited at this time. Organizations should still prioritize patching to mitigate the risk of potential exploitation and data breaches.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2024-10-29

2025-01-02

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-10488 | Google Chrome up to 130.0.6723.69 WebRTC use after free (ID 374310 / Nessus ID 209880)
vuldb.com, 2025-03-02
A vulnerability was found in Google Chrome and classified as critical. Affected by this issue is some unknown functionality of the component WebRTC. The manipulation leads to use after free. This vulnerability is handled as CVE-2024-10488. The attack may be launched remotely. There is no
vuldb.com
Google fixed a critical vulnerability in Chrome browser - Security Affairs
2024-10-30
Google addressed a critical vulnerability in its Chrome browser, tracked as CVE-2024-10487, which was reported by Apple. Google has patched a critical Chrome vulnerability, tracked as CVE-2024-10487, reported by Apple Security Engineering and Architecture (SEAR) on October 23, 2024. The vulnerability is an out-of-bounds write issue that resides in the Dawn implementation. Dawn is an open-source and cross-platform implementation of the WebGPU standard. More precisely it implements webgpu.h that is a one-to-one mapping with the WebGPU IDL
google.com
Patch now! New Chrome update for two critical vulnerabilities
2024-10-30
Chrome issued a security update that patches two critical vulnerabilities. One of which was reported by Apple. Google has released an update for its Chrome browser which includes patches for two critical vulnerabilities. The update brings the Stable channel to versions 130.0.6723.91/.92 for Windows and Mac and 130.0.6723.91 for Linux. The easiest way to update Chrome is to allow
malwarebytes.com
Google fixed a critical vulnerability in Chrome browser
Pierluigi Paganini, 2024-10-30
Google addressed a critical vulnerability in its Chrome browser, tracked as CVE-2024-10487, which was reported by Apple. Google has patched a critical Chrome vulnerability, tracked as CVE-2024-10487, reported by Apple Security Engineering and Architecture (SEAR) on October 23, 2024. The vulnerability is an out-of-bounds write issue that resides in the Dawn implementation. Dawn is an open-source […] Google addressed a
securityaffairs.co
Critical Chrome Security Update: Patch for Out-of-Bounds & WebRTC Vulnerability
Guru Baran, 2024-10-30
Google has rolled out a critical security update for its Chrome browser, addressing significant vulnerabilities that attackers could exploit. The update brings the Stable channel to versions 130.0.6723.91/.92 for Windows and Mac and 130.0.6723.91 for Linux. Similarly, the Extended Stable channel has been updated to 130.0.6723.92 for Windows and Mac, with the rollout expected to […]
cybersecuritynews.com
Stable Channel Update for Desktop
Daniel Yip, 2024-10-29
The Stable channel has been updated to 130.0.6723.91/.92 for Windows, Mac and 130.0.6723.91 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.
blogger.com

Social Media

CVE-2024-10488: Critical WebRTC Vulnerability Exposed https://t.co/uTY1iSDHnS

Affected Software

Configuration 1
Type    Vendor    Product
App     Google    chrome

References

Reference          Link
[email protected]  https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_29.html
[email protected]  https://issues.chromium.org/issues/374310077
GITHUB             https://issues.chromium.org/issues/374310077

CWE Details

CWE ID: CWE-416
CWE Name: Use After Free
Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
