
External Control of Assumed-Immutable Web Parameter

CVE-2024-9123

Severity High
Score 7.1/10

Summary

Integer overflow in Skia in Google Chrome versions prior to 129.0.6668.70 allowed a remote attacker to perform an out-of-bounds memory write via a crafted HTML page.

  • LOW
  • NETWORK
  • LOW
  • UNCHANGED
  • NONE
  • LOW
  • HIGH
  • NONE

CWE-472 - External Control of Assumed-Immutable Web Parameter

The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.

Advisory Timeline

  • Published