Search for vulnerabilities
Vulnerability details: VCID-e3ap-kmq1-t7gy
Vulnerability ID VCID-e3ap-kmq1-t7gy
Aliases CVE-2024-0808
Summary Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-191 Integer Underflow (Wrap or Wraparound)
System Score Found at
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2024-0808
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2024-0808
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2024-0808
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2024-0808
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2024-0808
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2024-0808
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2024-0808
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2024-0808
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2024-0808
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2024-0808
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2024-0808
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2024-0808
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2024-0808
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2024-0808
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2024-0808
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2024-0808
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2024-0808
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2024-0808
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2024-0808
cvssv3.1 9.8 https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html
ssvc Track https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html
cvssv3.1 9.8 https://crbug.com/1504936
ssvc Track https://crbug.com/1504936
cvssv3.1 9.8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/
cvssv3.1 9.8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2024-0808
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-0808
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0808
1504936 https://crbug.com/1504936
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
CVE-2024-0808 https://nvd.nist.gov/vuln/detail/CVE-2024-0808
MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/
stable-channel-update-for-desktop_23.html https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html
VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-09T23:34:13Z/ Found at https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://crbug.com/1504936
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-09T23:34:13Z/ Found at https://crbug.com/1504936
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-09T23:34:13Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-09T23:34:13Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-0808
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.64724
EPSS Score 0.00495
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:34:25.253834+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.21/community.json 37.0.0