Unrated severityNVD Advisory· Published Apr 10, 2024· Updated Mar 27, 2025

CVE-2024-3157

Description

Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: High)

Affected products

osv-coords2 versions
pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/libqt5-qtwebengine&distro=openSUSE%20Tumbleweed
< 124.0.6367.201-1.1+ 1 more
- (no CPE)range: < 124.0.6367.201-1.1
- (no CPE)range: < 5.15.18-1.1
Google/Chromev5
Range: 123.0.6312.122

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.htmlmitre
issues.chromium.org/issues/331237485mitre
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EW66LXDACTB5FCHLUPZOGD2KA2J62Q2/mitre
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP/mitre
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDHNEFD76ORM7WBWAEZT6HSYDMZVIED4/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000