ГлавнаяУязвимости → CVE-2024-3157
9.6критическая

CVE-2024-3157

→ есть в БДУ: BDU:2024-03187 (на русском)
Описание (на английском; русское — в БДУ выше)

Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: High)

Затрагиваемое ПО
Google ChromeFedoraproject Fedora
CVSS
Балл9.6 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Источники
https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.htmlhttps://issues.chromium.org/issues/331237485https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EW66LXDACTB5FCHLUPZOGD2KA2J62Q2/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDHNEFD76ORM7WBWAEZT6HSYDMZVIED4/https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.htmlhttps://issues.chromium.org/issues/331237485https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EW66LXDACTB5FCHLUPZOGD2KA2J62Q2/