csaf_certbund - wid-sec-w-2024-1080

wid-sec-w-2024-1080

Vulnerability from csaf_certbund

Published

2024-05-09 22:00

Modified

2024-06-10 22:00

Summary

Google Chrome: Schwachstelle ermöglicht nicht spezifizierten Angriff

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Chrome ist ein Internet-Browser von Google.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Google Chrome ausnutzen, um beliebigen Programmcode auszuführen und weitere, nicht spezifizierte Auswirkungen zu verursachen.

Betroffene Betriebssysteme

- Linux - MacOS X - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Chrome ist ein Internet-Browser von Google.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Google Chrome ausnutzen, um beliebigen Programmcode auszuf\u00fchren und weitere, nicht spezifizierte Auswirkungen zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1080 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1080.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1080 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1080"
      },
      {
        "category": "external",
        "summary": "Chrome Release: Stable Channel Update for Desktop vom 2024-05-09",
        "url": "https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-5F84678C08 vom 2024-05-11",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-5f84678c08"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2024-6F1C3198F5 vom 2024-05-11",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-6f1c3198f5"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-DF7E365B4A vom 2024-05-11",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-df7e365b4a"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5687 vom 2024-05-10",
        "url": "https://lists.debian.org/debian-security-announce/2024/msg00097.html"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2024-E94A7220F2 vom 2024-05-11",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-e94a7220f2"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-1BC17D6EC7 vom 2024-05-11",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-1bc17d6ec7"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2024:0123-1 vom 2024-05-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2S7S4HVABEMIRHPQD4H3O6EA36PLCUCI/"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-C01C1F5F82 vom 2024-05-16",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-c01c1f5f82"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-382A7DBA53 vom 2024-05-16",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-382a7dba53"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2024-38D250BAFC vom 2024-05-17",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-38d250bafc"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2024-1FB3CEC2E0 vom 2024-05-17",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-1fb3cec2e0"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2024-1A95B76E46 vom 2024-05-23",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-1a95b76e46"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2024-46D6266EF3 vom 2024-05-23",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-46d6266ef3"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2024-3184C14A07 vom 2024-05-23",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-3184c14a07"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2024:0156-1 vom 2024-06-10",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/PYKI7FIDICKYHO5TLIGQUUCUF2ATFWPR/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2024:0156-1 vom 2024-06-10",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PYKI7FIDICKYHO5TLIGQUUCUF2ATFWPR/"
      }
    ],
    "source_lang": "en-US",
    "title": "Google Chrome: Schwachstelle erm\u00f6glicht nicht spezifizierten Angriff",
    "tracking": {
      "current_release_date": "2024-06-10T22:00:00.000+00:00",
      "generator": {
        "date": "2024-06-11T08:06:23.832+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2024-1080",
      "initial_release_date": "2024-05-09T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-05-09T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-05-12T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Fedora, Debian und openSUSE aufgenommen"
        },
        {
          "date": "2024-05-16T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2024-05-23T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2024-06-10T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von openSUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c124.0.6367.201",
                "product": {
                  "name": "Google Chrome \u003c124.0.6367.201",
                  "product_id": "T034669",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:google:chrome:124.0.6367.201"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c124.0.6367.202",
                "product": {
                  "name": "Google Chrome \u003c124.0.6367.202",
                  "product_id": "T034670",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:google:chrome:124.0.6367.202"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Chrome"
          }
        ],
        "category": "vendor",
        "name": "Google"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-4671",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Google Chrome. Dieser Fehler besteht in der Komponente Visuals aufgrund eines Use-after-free-Problems. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um potentiell Code zur Ausf\u00fchrung zu bringen und weitere nicht spezifizierte Auswirkungen zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T027843",
          "74185"
        ]
      },
      "release_date": "2024-05-09T22:00:00Z",
      "title": "CVE-2024-4671"
    }
  ]
}

cve-2024-4671

Vulnerability from cvelistv5

Published

2024-05-09 23:54

Modified

2024-08-29 16:18

Severity ?

9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Summary

Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

References

▼	URL	Tags
	https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html
	https://issues.chromium.org/issues/339266700
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NTSN22LNYXMWHVTYNOYQVOY7VDZFHENQ/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FAWEKDQTHPN7NFEMLIWP7YMIZ2DHF36N/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSUWM73ZCXTN62AT2REYQDD5ZKPFMDZD/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BWFSZNNWSQYDRYKNLBDGEXXKMBXDYQ3F/

Impacted products

▼	Vendor	Product
	Google	Chrome

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "chrome",
            "vendor": "google",
            "versions": [
              {
                "lessThan": "124.0.6367.201",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
              "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
              "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fedora",
            "vendor": "fedoraproject",
            "versions": [
              {
                "status": "affected",
                "version": "38"
              },
              {
                "status": "affected",
                "version": "39"
              },
              {
                "status": "affected",
                "version": "40"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.6,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-4671",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-14T04:00:18.305287Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-05-13",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-4671"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-29T16:18:04.545Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:47:41.434Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://issues.chromium.org/issues/339266700"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NTSN22LNYXMWHVTYNOYQVOY7VDZFHENQ/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FAWEKDQTHPN7NFEMLIWP7YMIZ2DHF36N/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSUWM73ZCXTN62AT2REYQDD5ZKPFMDZD/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BWFSZNNWSQYDRYKNLBDGEXXKMBXDYQ3F/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "124.0.6367.201",
              "status": "affected",
              "version": "124.0.6367.201",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use after free",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-13T00:37:10.444Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html"
        },
        {
          "url": "https://issues.chromium.org/issues/339266700"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NTSN22LNYXMWHVTYNOYQVOY7VDZFHENQ/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FAWEKDQTHPN7NFEMLIWP7YMIZ2DHF36N/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSUWM73ZCXTN62AT2REYQDD5ZKPFMDZD/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BWFSZNNWSQYDRYKNLBDGEXXKMBXDYQ3F/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2024-4671",
    "datePublished": "2024-05-09T23:54:09.853Z",
    "dateReserved": "2024-05-09T02:53:47.546Z",
    "dateUpdated": "2024-08-29T16:18:04.545Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted