Cyber Resilience

CVE-2024-5839

Medium

Published: 11 June 2024

Published
11 June 2024
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS Score 0.0012 30.8th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-5839 is a medium-severity Use of Function with Inconsistent Implementations (CWE-474) vulnerability in Fedoraproject Fedora. Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Drive-by Compromise (T1189); ranked at the 30.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1189 Drive-by Compromise Initial Access
Adversaries may gain access to a system through a user visiting a website over the normal course of browsing.
T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Heap corruption in Chrome's memory allocator exploitable via crafted HTML page enables drive-by compromise (T1189) and exploitation for client execution (T1203).

Affected Assets

google
chrome
≤ 126.0.6478.54
fedoraproject
fedora
39, 40

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References