Search for vulnerabilities
Vulnerability details: VCID-n28e-wk3b-ekfx
Vulnerability ID VCID-n28e-wk3b-ekfx
Aliases CVE-2023-7024
Summary Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Status Published
Exploitability 2.0
Weighted Severity 7.9
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-787 Out-of-bounds Write
System Score Found at
epss 0.01348 https://api.first.org/data/v1/epss?cve=CVE-2023-7024
epss 0.01348 https://api.first.org/data/v1/epss?cve=CVE-2023-7024
epss 0.01348 https://api.first.org/data/v1/epss?cve=CVE-2023-7024
epss 0.01348 https://api.first.org/data/v1/epss?cve=CVE-2023-7024
epss 0.01348 https://api.first.org/data/v1/epss?cve=CVE-2023-7024
epss 0.01348 https://api.first.org/data/v1/epss?cve=CVE-2023-7024
epss 0.01348 https://api.first.org/data/v1/epss?cve=CVE-2023-7024
epss 0.01348 https://api.first.org/data/v1/epss?cve=CVE-2023-7024
epss 0.01348 https://api.first.org/data/v1/epss?cve=CVE-2023-7024
epss 0.01348 https://api.first.org/data/v1/epss?cve=CVE-2023-7024
epss 0.01348 https://api.first.org/data/v1/epss?cve=CVE-2023-7024
epss 0.01348 https://api.first.org/data/v1/epss?cve=CVE-2023-7024
epss 0.01348 https://api.first.org/data/v1/epss?cve=CVE-2023-7024
epss 0.02632 https://api.first.org/data/v1/epss?cve=CVE-2023-7024
epss 0.02632 https://api.first.org/data/v1/epss?cve=CVE-2023-7024
epss 0.02632 https://api.first.org/data/v1/epss?cve=CVE-2023-7024
cvssv3.1 8.8 https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html
ssvc Attend https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html
cvssv3.1 8.8 https://crbug.com/1513170
ssvc Attend https://crbug.com/1513170
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6M6AJDHUL6EDPURWQXGLUFJNDE7SOJT3/
ssvc Attend https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6M6AJDHUL6EDPURWQXGLUFJNDE7SOJT3/
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JL4VHZMHFGEGQYTF74533ZNRWMCMMR/
ssvc Attend https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JL4VHZMHFGEGQYTF74533ZNRWMCMMR/
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-7024
cvssv3.1 8.8 https://security.gentoo.org/glsa/202401-34
ssvc Attend https://security.gentoo.org/glsa/202401-34
cvssv3.1 8.8 https://www.debian.org/security/2023/dsa-5585
ssvc Attend https://www.debian.org/security/2023/dsa-5585
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-7024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7024
https://security.gentoo.org/glsa/202401-34
1513170 https://crbug.com/1513170
6M6AJDHUL6EDPURWQXGLUFJNDE7SOJT3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6M6AJDHUL6EDPURWQXGLUFJNDE7SOJT3/
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
CVE-2023-7024 https://nvd.nist.gov/vuln/detail/CVE-2023-7024
dsa-5585 https://www.debian.org/security/2023/dsa-5585
stable-channel-update-for-desktop_20.html https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html
U6JL4VHZMHFGEGQYTF74533ZNRWMCMMR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JL4VHZMHFGEGQYTF74533ZNRWMCMMR/
Data source KEV
Date added Jan. 2, 2024
Description Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using WebRTC, including but not limited to Google Chrome.
Required action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Due date Jan. 23, 2024
Note 
This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html;  https://nvd.nist.gov/vuln/detail/CVE-2023-7024
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-12-23T05:01:04Z/ Found at https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://crbug.com/1513170
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-12-23T05:01:04Z/ Found at https://crbug.com/1513170
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6M6AJDHUL6EDPURWQXGLUFJNDE7SOJT3/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-12-23T05:01:04Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6M6AJDHUL6EDPURWQXGLUFJNDE7SOJT3/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JL4VHZMHFGEGQYTF74533ZNRWMCMMR/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-12-23T05:01:04Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JL4VHZMHFGEGQYTF74533ZNRWMCMMR/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-7024
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202401-34
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-12-23T05:01:04Z/ Found at https://security.gentoo.org/glsa/202401-34
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2023/dsa-5585
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2023-12-23T05:01:04Z/ Found at https://www.debian.org/security/2023/dsa-5585
Exploit Prediction Scoring System (EPSS)
Percentile 0.79273
EPSS Score 0.01348
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:45:14.341029+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.20/community.json 37.0.0