Unrated severityNVD Advisory· Published Mar 26, 2024· Updated Mar 18, 2025

CVE-2024-2885

Description

Use after free in Dawn in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Affected products

osv-coords2 versions
pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/opera&distro=openSUSE%20Leap%2015.6%20NonFree
< 124.0.6367.201-1.1+ 1 more
- (no CPE)range: < 124.0.6367.201-1.1
- (no CPE)range: < 109.0.5097.45-lp156.2.3.1
Google/Chromev5
Range: 123.0.6312.86

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.htmlmitre
issues.chromium.org/issues/328958020mitre
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YUWGSMA5X2NQP5XEFCLRWNX6246GZ2C/mitre
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G3RKI7VTQSIAI3PVZGRCHOSELTQXQ5FQ/mitre
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IQMRHKDEG4J7TMRRRGUGW6GS4MVBX5IT/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000