Severity
Medium
Analysis Summary
CVE-2024-9965 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient data validation in DevTools. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2024-47026 CVSS:4
Google Android could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read in gsc_gsa_rescue of gsc_gsa.c. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2024-47029 CVSS:4
Google Android could allow a local attacker to obtain sensitive information, caused by an incorrect bounds check in TrustySharedMemoryManager::GetSharedMemory of ondevice/trusty/trusty_shared_memory_manager.cc. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
Impact
- Security Bypass
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-9965
- CVE-2024-47026
- CVE-2024-47029
Affected Vendors
Affected Products
- Google Chrome - 130.0
- Google Android - Android kernel
- Google Chrome - 130.0.6723.58
Remediation
Upgrade to the latest version of Google Products, available from the Google Chrome Releases Website.