OpenCVE

Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Eus Rhel Tus

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
webkit2gtk3-0:2.46.3-1.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:9636	2024-11-14T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
webkit2gtk3-0:2.46.3-1.el8_2	cpe:/a:redhat:rhel_aus:8.2	RHSA-2024:9680	2024-11-14T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
webkit2gtk3-0:2.46.3-1.el8_4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2024:9679	2024-11-14T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
webkit2gtk3-0:2.46.3-1.el8_4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2024:9679	2024-11-14T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
webkit2gtk3-0:2.46.3-1.el8_4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2024:9679	2024-11-14T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
webkit2gtk3-0:2.46.3-1.el8_6	cpe:/a:redhat:rhel_aus:8.6	RHSA-2024:9653	2024-11-14T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
webkit2gtk3-0:2.46.3-1.el8_6	cpe:/a:redhat:rhel_tus:8.6	RHSA-2024:9653	2024-11-14T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
webkit2gtk3-0:2.46.3-1.el8_6	cpe:/a:redhat:rhel_e4s:8.6	RHSA-2024:9653	2024-11-14T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
webkit2gtk3-0:2.46.3-1.el8_8	cpe:/a:redhat:rhel_eus:8.8	RHSA-2024:9646	2024-11-14T00:00:00Z
Red Hat Enterprise Linux 9
webkit2gtk3-0:2.44.3-2.el9	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:9144	2024-11-12T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
webkit2gtk3-0:2.46.1-1.el9_0	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2024:8496	2024-10-28T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
webkit2gtk3-0:2.46.1-1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:8492	2024-10-28T00:00:00Z

References

Link	Providers
http://seclists.org/fulldisclosure/2024/Jul/15
http://seclists.org/fulldisclosure/2024/Jul/16
http://seclists.org/fulldisclosure/2024/Jul/18
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_7.html
https://issues.chromium.org/issues/337766133
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BWFSZNNWSQYDRYKNLBDGEXXKMBXDYQ3F/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FAWEKDQTHPN7NFEMLIWP7YMIZ2DHF36N/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/
https://nvd.nist.gov/vuln/detail/CVE-2024-4558
https://www.cve.org/CVERecord?id=CVE-2024-4558

History

Sat, 16 Nov 2024 03:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Aus Redhat rhel Tus
CPEs		cpe:/a:redhat:enterprise_linux:8 cpe:/a:redhat:rhel_aus:8.2 cpe:/a:redhat:rhel_aus:8.4 cpe:/a:redhat:rhel_aus:8.6 cpe:/a:redhat:rhel_e4s:8.4 cpe:/a:redhat:rhel_e4s:8.6 cpe:/a:redhat:rhel_eus:8.8 cpe:/a:redhat:rhel_tus:8.4 cpe:/a:redhat:rhel_tus:8.6
Vendors & Products		Redhat rhel Aus Redhat rhel Tus

Wed, 13 Nov 2024 02:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9
Vendors & Products		Redhat enterprise Linux

Tue, 29 Oct 2024 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat rhel E4s Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_e4s:9.0 cpe:/a:redhat:rhel_eus:9.2
Vendors & Products		Redhat Redhat rhel E4s Redhat rhel Eus

Wed, 23 Oct 2024 02:45:00 +0000

Type	Values Removed	Values Added
Title		chromium-browser: Use after free in ANGLE
References		https://nvd.nist.gov/vuln/detail/CVE-2024-4558 https://www.cve.org/CVERecord?id=CVE-2024-4558
Metrics	threat_severity `None`	threat_severity `Important`

MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2024-05-07T19:02:22.673Z

Updated: 2024-08-01T20:47:40.556Z

Reserved: 2024-05-06T18:32:23.603Z

Link: CVE-2024-4558

Vulnrichment

Updated: 2024-08-01T20:47:40.556Z

NVD

Status : Awaiting Analysis

Published: 2024-05-07T19:15:08.577

Modified: 2024-11-21T09:43:06.137

Link: CVE-2024-4558

Redhat

Severity : Important

Publid Date: 2024-05-07T00:00:00Z

Links: CVE-2024-4558 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object