CVE-2024-4558

Exploited in the Wild

NIST CVSS Scores

CVSS v3.1 Base Score: 9.6 (Critical)

AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA CVSS Scores

CVSS v3.1 Base Score: 7.5 (High)

AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Operating Systems Impacted

macOS Sonoma (prior to 14.6)
iOS (prior to 17.6)
iPadOS (prior to 17.6)

Applications Impacted

Safari (prior to 17.6)
Google Chrome (prior to 124.0.6367.155)

Additional Resources

NVD CVE-2024-4558
Google Chrome Release Notes
Safari 17.6
Sonoma 14.6
iOS 17.6 and iPadOS 17.6

Description

CVE-2024-4558 is a use-after-free vulnerability in the ANGLE component of Google Chrome. Processing maliciously crafted web content may lead to an unexpected process crash.

Impact

Exploitation of this vulnerability could allow attackers to execute arbitrary code on the affected devices, leading to potential data breaches, unauthorized access, or further compromise of the system.The severity of this issue has been assessed as follows: