Vulnerability CVE-2024-3839: Information

Description

Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2024-3839
Published: April 17, 2024
Modified: May 3, 2024
Error type identifier: CWE-125

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
chromiumsisyphus124.0.6367.60-alt1124.0.6367.207-alt1ALT-PU-2024-7078-1345568Fixed
chromiumsisyphus_loongarch64124.0.6367.78-alt1.0.port124.0.6367.78-alt1.0.portALT-PU-2024-7373-1-Fixed
chromium-gostsisyphus124.0.6367.78-alt1124.0.6367.78-alt1ALT-PU-2024-7309-1347217Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html
  • Vendor Advisory
https://issues.chromium.org/issues/41491859
  • Permissions Required
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWIVXXSVO5VB3NAZVFJ7CWVBN6W2735T/
    https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCWPUBGTBNT4EW32YNZMRIPB3Y4R6XL6/
      https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEP5NJUWMDRLDQUKU4LFDUHF5PCYAPIO/
        https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4PCXKCOVBUUU6GOSN46DCPI4HMER3PJ/
          https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDLUD644WEWGOFKMZWC2K7Z4CQOKQYR7/
            https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/

                1. Configuration 1

                  cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
                  End excliding
                  124.0.6367.60
              VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
              Version: v24.5.1
              Back to top