Search for vulnerabilities
Vulnerability details: VCID-49qk-8wm8-aaas
Vulnerability ID VCID-49qk-8wm8-aaas
Aliases CVE-2024-4671
Summary Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Status Published
Exploitability 2.0
Weighted Severity 8.6
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
cvssv3 9.6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4671.json
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00100 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00100 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00100 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00100 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00100 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00100 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00100 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00100 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00100 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00100 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00100 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00100 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00113 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00135 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00163 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00163 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00163 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00163 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00296 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00296 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.00296 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.02155 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.06138 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.06138 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.06138 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.06138 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.06138 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.06138 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.06138 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.06138 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.06138 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.06138 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.06138 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.06138 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
epss 0.31845 https://api.first.org/data/v1/epss?cve=CVE-2024-4671
cvssv3 9.6 https://nvd.nist.gov/vuln/detail/CVE-2024-4671
cvssv3.1 9.6 https://nvd.nist.gov/vuln/detail/CVE-2024-4671
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4671.json
https://api.first.org/data/v1/epss?cve=CVE-2024-4671
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4671
https://issues.chromium.org/issues/339266700
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BWFSZNNWSQYDRYKNLBDGEXXKMBXDYQ3F/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FAWEKDQTHPN7NFEMLIWP7YMIZ2DHF36N/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NTSN22LNYXMWHVTYNOYQVOY7VDZFHENQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSUWM73ZCXTN62AT2REYQDD5ZKPFMDZD/
2280246 https://bugzilla.redhat.com/show_bug.cgi?id=2280246
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
CVE-2024-4671 https://nvd.nist.gov/vuln/detail/CVE-2024-4671
Data source KEV
Date added May 13, 2024
Description Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Due date June 3, 2024
Note 
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html?m=1; https://nvd.nist.gov/vuln/detail/CVE-2024-4671
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4671.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-4671
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-4671
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.05941
EPSS Score 0.00027
Published At April 15, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2024-05-10T09:02:54.187061+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 34.0.0rc4