CVE-2024-3170: Use after free in WebRTC

Q: What is the severity of CVE-2024-3170?

The severity of CVE-2024-3170 is classified as High due to its potential for heap corruption via crafted HTML pages.

Q: How do I fix CVE-2024-3170?

To fix CVE-2024-3170, upgrade to Google Chrome version 121.0.6167.85 or later.

Q: What impact does CVE-2024-3170 have on Google Chrome users?

CVE-2024-3170 can potentially allow remote attackers to exploit vulnerabilities leading to heap corruption.

Q: Are there any specific versions of Google Chrome affected by CVE-2024-3170?

Yes, Google Chrome versions prior to 121.0.6167.85 are affected by CVE-2024-3170.

Q: What components of Google Chrome does CVE-2024-3170 affect?

CVE-2024-3170 affects the WebRTC component of Google Chrome.

Published Jan 5, 2024

Updated

Use after free in WebRTC in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Credit

Anonymous

Affected Software

2 affected componentsFixes available

Google Chrome<121.0.6167.85

121.0.6167.85

Google Chrome<121.0.6167.85

Event History

Jan 5, 2024

CVE Published

12:00 AM

Jul 16, 2024

CVE Published

via MITRE·10:14 PM

Data Sourced

via MITRE·10:14 PM

DescriptionWeakness

Data Sourced

via NVD·11:15 PM

Description

Parent advisories

This vulnerability appears in the following advisories.

2666430141006798223

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is the severity of CVE-2024-3170?

The severity of CVE-2024-3170 is classified as High due to its potential for heap corruption via crafted HTML pages.

How do I fix CVE-2024-3170?

To fix CVE-2024-3170, upgrade to Google Chrome version 121.0.6167.85 or later.

What impact does CVE-2024-3170 have on Google Chrome users?