Upgrade Debian:unstable chromium to version 83.0.4103.83-1 or higher.

Use After Free in chromium | CVE-2020-6474

Threat Intelligence

0.04% (12^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-DEBIANUNSTABLE-CHROMIUM-6751230
published2 May 2024
disclosed1 May 2024

Report a new vulnerability Found a mistake?

Introduced: 1 May 2024

CVE-2024-4331 (opens in a new tab)

How to fix?

Upgrade Debian:unstable chromium to version 124.0.6367.118-1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream chromium package and not the chromium package as distributed by Debian. See How to fix? for Debian:unstable relevant fixed versions and status.

Use after free in Picture In Picture in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

References

https://security-tracker.debian.org/tracker/CVE-2024-4331
https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html
https://issues.chromium.org/issues/335003891
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7I4FMQSOVTCIIH4XT2MJGEQRUACLPB6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/

CVE-2024-4331 Affecting chromium package, versions <124.0.6367.118-1

Severity