{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3157", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2024-04-01T19:47:02.636Z", "datePublished": "2024-04-10T18:41:38.145Z", "dateUpdated": "2025-03-27T15:21:03.544Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "123.0.6312.122", "status": "affected", "lessThan": "123.0.6312.122", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out of bounds write"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2024-04-19T23:06:34.733Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html"}, {"url": "https://issues.chromium.org/issues/331237485"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDHNEFD76ORM7WBWAEZT6HSYDMZVIED4/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EW66LXDACTB5FCHLUPZOGD2KA2J62Q2/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP/"}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-787", "lang": "en", "description": "CWE-787 Out-of-bounds Write"}]}], "affected": [{"vendor": "google", "product": "chrome", "cpes": ["cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "123.0.6312.122", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-04-25T04:00:09.388506Z", "id": "CVE-2024-3157", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-27T15:21:03.544Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:05:07.954Z"}, "title": "CVE Program Container", "references": [{"url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html", "tags": ["x_transferred"]}, {"url": "https://issues.chromium.org/issues/331237485", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDHNEFD76ORM7WBWAEZT6HSYDMZVIED4/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EW66LXDACTB5FCHLUPZOGD2KA2J62Q2/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html", "tags": ["x_transferred"]}, {"url": "https://issues.chromium.org/issues/331237485", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDHNEFD76ORM7WBWAEZT6HSYDMZVIED4/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EW66LXDACTB5FCHLUPZOGD2KA2J62Q2/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:05:07.954Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-3157", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-25T04:00:09.388506Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*"], "vendor": "google", "product": "chrome", "versions": [{"status": "affected", "version": "123.0.6312.122"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-25T20:05:44.235Z"}}], "cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"status": "affected", "version": "123.0.6312.122", "lessThan": "123.0.6312.122", "versionType": "custom"}]}], "references": [{"url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html"}, {"url": "https://issues.chromium.org/issues/331237485"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDHNEFD76ORM7WBWAEZT6HSYDMZVIED4/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EW66LXDACTB5FCHLUPZOGD2KA2J62Q2/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP/"}], "descriptions": [{"lang": "en", "value": "Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out of bounds write"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2024-04-19T23:06:34.733Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3157", "state": "PUBLISHED", "dateUpdated": "2025-03-27T15:21:03.544Z", "dateReserved": "2024-04-01T19:47:02.636Z", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "datePublished": "2024-04-10T18:41:38.145Z", "assignerShortName": "Chrome"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8445CD7-B513-48C1-9EF0-4B57C9ED6654", "versionEndExcluding": "123.0.6312.122", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*", "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: High)"}, {"lang": "es", "value": "El acceso a la memoria fuera de los l\u00edmites en Compositing en Google Chrome anterior a 123.0.6312.122 permit\u00eda a un atacante remoto que hab\u00eda comprometido el proceso de la GPU realizar potencialmente un escape de la zona de pruebas mediante gestos espec\u00edficos de la interfaz de usuario. (Severidad de seguridad de Chrome: alta)"}], "id": "CVE-2024-3157", "lastModified": "2025-03-27T16:15:26.070", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-04-10T19:15:49.623", "references": [{"source": "chrome-cve-admin@google.com", "tags": ["Release Notes"], "url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html"}, {"source": "chrome-cve-admin@google.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://issues.chromium.org/issues/331237485"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EW66LXDACTB5FCHLUPZOGD2KA2J62Q2/"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP/"}, {"source": "chrome-cve-admin@google.com", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDHNEFD76ORM7WBWAEZT6HSYDMZVIED4/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking"], "url": "https://issues.chromium.org/issues/331237485"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EW66LXDACTB5FCHLUPZOGD2KA2J62Q2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDHNEFD76ORM7WBWAEZT6HSYDMZVIED4/"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}