Vulnerability CVE-2024-3157: Information

Description

Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: High)

URL: https://nvd.nist.gov/vuln/detail/CVE-2024-3157
Published: April 10, 2024
Modified: April 20, 2024

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
chromiumsisyphus123.0.6312.122-alt1125.0.6422.141-alt1ALT-PU-2024-6499-1345029Fixed
chromiumsisyphus_loongarch64124.0.6367.78-alt1.0.port124.0.6367.78-alt1.0.portALT-PU-2024-7373-1-Fixed
chromiump11123.0.6312.122-alt1125.0.6422.141-alt1ALT-PU-2024-6499-1345029Fixed
chromium-gostsisyphus124.0.6367.78-alt1124.0.6367.78-alt1ALT-PU-2024-7309-1347217Fixed
chromium-gostp11124.0.6367.78-alt1124.0.6367.78-alt1ALT-PU-2024-7309-1347217Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html
    https://issues.chromium.org/issues/331237485
      https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDHNEFD76ORM7WBWAEZT6HSYDMZVIED4/
        https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EW66LXDACTB5FCHLUPZOGD2KA2J62Q2/
          https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP/
            VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
            Version: v24.5.3
            Back to top