CVE-2024-4671

Published May 14, 2024

Last updated 6 months ago

Exploit knownCVSS critical 9.6
Zero-day

Overview

Description
Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Source
chrome-cve-admin@google.com
NVD status
Analyzed
Products
chrome, fedora

Risk scores

CVSS 3.1

Type
Primary
Base score
9.6
Impact score
6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Google Chromium Visuals Use-After-Free Vulnerability
Exploit added on
May 13, 2024
Exploit action due
Jun 3, 2024
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov
CWE-416
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-416

Social media

Hype score
Not currently trending

  1. ๐Ÿ“ข CISA KEV UPDATE: Actively exploited flaws in Apple visionOS (CVE-2026-28217), Laravel (CVE-2024-4671), & Craft CMS (CVE-2026-25487) added to catalog. Federal agencies must patch by April 12. All orgs urged to patch NOW! โš ๏ธ #KEV #CISA ๐Ÿ”— https://t.co/POPJ8rW5Pf

    @NetSecIO

    23 Mar 2026

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Headline: ๐Ÿšจ URGENT: Critical #Chromium Vuln Patched in #Debian (DSA-5963-1). CVE-2024-4671 = RCE + Sandbox Escape Risk! Body: High-severity flaw in Chromium engine patched by Debian. Read more: ๐Ÿ‘‰ https://t.co/ny63bU9g23 https://t.co/EFrDpRErNN

    @Cezar_H_Linux

    25 Jul 2025

    66 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. ๐Ÿ”ด #Google #Chrome Use After Free Vulnerability (#CVE-2024-4671) - High Severity - Critical https://t.co/u6gFDF0aAB

    @dailycve

    27 Nov 2024

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted video file. (Chromium security severity: High)โ€ขCVE-2026-6362
  2. Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)โ€ขCVE-2026-6363
  3. Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted file. (Chromium security severity: Medium)โ€ขCVE-2026-6364
  4. Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)โ€ขCVE-2026-6361
  5. Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Critical)โ€ขCVE-2026-6358

References

Sources include official advisories and independent security research.