CVE-2024-9123 - Vulnerability Details - OpenCVE

ReportizFlow

Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Google	Chrome

Configuration 1 [-]

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_24.html
https://issues.chromium.org/issues/365884464

History

Thu, 20 Nov 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N'}`	cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}`

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00082}`	epss `{'score': 0.00084}`

Tue, 24 Sep 2024 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Google Google chrome
Weaknesses		CWE-190
CPEs		cpe:2.3:a:google:chrome::::::::
Vendors & Products		Google Google chrome
Metrics		cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 24 Sep 2024 19:00:00 +0000

Type	Values Removed	Values Added
Description		Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Weaknesses		CWE-472
References		https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_24.html https://issues.chromium.org/issues/365884464

MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2024-09-24T18:44:38.706Z

Updated: 2025-11-20T18:47:30.230Z

Reserved: 2024-09-23T20:06:25.115Z

Link: CVE-2024-9123

Vulnrichment

Updated: 2024-09-24T19:08:24.285Z

NVD

Status : Modified

Published: 2024-09-25T01:15:48.903

Modified: 2025-11-20T19:16:10.840

Link: CVE-2024-9123

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-9123", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2024-09-23T20:06:25.115Z", "datePublished": "2024-09-24T18:44:38.706Z", "dateUpdated": "2025-11-20T18:47:30.230Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "129.0.6668.70", "status": "affected", "lessThan": "129.0.6668.70", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Integer overflow", "cweId": "CWE-472"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2024-09-24T18:44:38.706Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_24.html"}, {"url": "https://issues.chromium.org/issues/365884464"}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-190", "lang": "en", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "affected": [{"vendor": "google", "product": "chrome", "cpes": ["cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "129.0.6668.70", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-09-26T03:55:49.588715Z", "id": "CVE-2024-9123", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-20T18:47:30.230Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-9123", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-26T03:55:49.588715Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"], "vendor": "google", "product": "chrome", "versions": [{"status": "affected", "version": "0", "lessThan": "129.0.6668.70", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-24T19:08:24.285Z"}}], "cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"status": "affected", "version": "129.0.6668.70", "lessThan": "129.0.6668.70", "versionType": "custom"}]}], "references": [{"url": "https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_24.html"}, {"url": "https://issues.chromium.org/issues/365884464"}], "descriptions": [{"lang": "en", "value": "Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-472", "description": "Integer overflow"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2024-09-24T18:44:38.706Z"}}}, "cveMetadata": {"cveId": "CVE-2024-9123", "state": "PUBLISHED", "dateUpdated": "2025-11-20T18:47:30.230Z", "dateReserved": "2024-09-23T20:06:25.115Z", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "datePublished": "2024-09-24T18:44:38.706Z", "assignerShortName": "Chrome"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E294A00-3D10-43BE-A7C6-8CC4F213E379", "versionEndExcluding": "129.0.6668.70", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)"}, {"lang": "es", "value": "Un desbordamiento de enteros en Skia en Google Chrome anterior a la versi\u00f3n 129.0.6668.70 permit\u00eda a un atacante remoto realizar una escritura en la memoria fuera de los l\u00edmites a trav\u00e9s de una p\u00e1gina HTML manipulada espec\u00edficamente. (Gravedad de seguridad de Chromium: alta)"}], "id": "CVE-2024-9123", "lastModified": "2025-11-20T19:16:10.840", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-09-25T01:15:48.903", "references": [{"source": "[email protected]", "tags": ["Release Notes"], "url": "https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_24.html"}, {"source": "[email protected]", "tags": ["Issue Tracking"], "url": "https://issues.chromium.org/issues/365884464"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-472"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-190"}], "source": "[email protected]", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-190"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}