CVE-2024-4949

CRITICAL Year: 2024
CVSS v3 Score
9.6
Critical
Weakness Type
CWE-416
View all →

Vulnerability Description

Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Related Vulnerabilities

CVE-2018-17462

CRITICAL
CVSS:9.6(Critical)

Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.

CWE-4162018

CVE-2018-6127

CRITICAL
CVSS:9.6(Critical)

Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted H...

CWE-4162018

CVE-2019-5759

CRITICAL
CVSS:9.6(Critical)

Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CWE-4162019

CVE-2019-5850

CRITICAL
CVSS:9.6(Critical)

Use after free in offline mode in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...

CWE-4162019

CVE-2019-5870

CRITICAL
CVSS:9.6(Critical)

Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CWE-4162019

CVE-2020-16014

CRITICAL
CVSS:9.6(Critical)

Use after free in PPAPI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CWE-4162020