CVE-2024-4558 - Use After Free

Severity

96%

Complexity

27%

Confidentiality

100%

Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS 3.1 Base Score 9.6. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Demo Examples

Use After Free

CWE-416

The following example demonstrates the weakness.


               
}
free(buf3R2);

Use After Free

CWE-416

The following code illustrates a use after free error:


               
}
free(ptr);
logError("operation aborted before commit", ptr);

When an error occurs, the pointer is immediately freed. However, this pointer is later incorrectly used in the logError function.

Overview

First reported 9 months ago

2024-05-07 19:15:00

Last updated 2 months ago

2024-12-20 17:18:00

Affected Software

Apple Safari

References

https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_7.html

https://issues.chromium.org/issues/337766133

https://lists.fedoraproject.org/archives/list/[email protected]/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/

https://lists.fedoraproject.org/archives/list/[email protected]/message/FAWEKDQTHPN7NFEMLIWP7YMIZ2DHF36N/

https://lists.fedoraproject.org/archives/list/[email protected]/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/

https://lists.fedoraproject.org/archives/list/[email protected]/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/

https://lists.fedoraproject.org/archives/list/[email protected]/message/BWFSZNNWSQYDRYKNLBDGEXXKMBXDYQ3F/

http://seclists.org/fulldisclosure/2024/Jul/16

http://seclists.org/fulldisclosure/2024/Jul/15

http://seclists.org/fulldisclosure/2024/Jul/18

http://seclists.org/fulldisclosure/2024/Jul/15

Mailing List

http://seclists.org/fulldisclosure/2024/Jul/16

Mailing List

http://seclists.org/fulldisclosure/2024/Jul/18

Mailing List

https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_7.html

Release Notes

https://issues.chromium.org/issues/337766133

Exploit, Issue Tracking

https://lists.fedoraproject.org/archives/list/[email protected]/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/

Mailing List

https://lists.fedoraproject.org/archives/list/[email protected]/message/BWFSZNNWSQYDRYKNLBDGEXXKMBXDYQ3F/

Mailing List

https://lists.fedoraproject.org/archives/list/[email protected]/message/FAWEKDQTHPN7NFEMLIWP7YMIZ2DHF36N/

Mailing List

https://lists.fedoraproject.org/archives/list/[email protected]/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/

Mailing List

https://lists.fedoraproject.org/archives/list/[email protected]/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/

Mailing List

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.