External Control of Assumed-Immutable Web Parameter
CVE-2024-9123
Summary
Integer overflow in Skia in Google Chrome versions prior to 129.0.6668.70 allowed a remote attacker to perform an out-of-bounds memory write via a crafted HTML page.
- LOW
- NETWORK
- LOW
- UNCHANGED
- NONE
- LOW
- HIGH
- NONE
CWE-472 - External Control of Assumed-Immutable Web Parameter
The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.
References
Advisory Timeline
- Published