CVE-2024-10488: Use after free in WebRTC

Reference Links

• https://www.zdnet.com/article/why-you-should-update-chrome-and-firefox-right-now/
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-10488 (Advisory)
• https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_29.html
• https://issues.chromium.org/issues/374310077
• https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-chromeos_29.html (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

• 3335538213862105157

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2024-7006
• CVE-2024-47076
• CVE-2024-47175
• CVE-2024-47176
• CVE-2024-47177
• CVE-2024-9959
• CVE-2024-9954
• CVE-2024-9966
• CVE-2024-10487
• CVE-2024-10229
• CVE-2024-10230
• CVE-2024-10231
• CVE-2024-9962
• CVE-2024-9964
• CVE-2024-9960
• CVE-2024-9963
• CVE-2024-9958

Frequently Asked Questions

• What is the severity of CVE-2024-10488?

  CVE-2024-10488 is classified as a high-severity vulnerability due to the potential for exploitation via a use-after-free condition in Chromium.

• How do I fix CVE-2024-10488?

  To fix CVE-2024-10488, users should update Microsoft Edge or Google Chrome to the latest version that addresses this vulnerability.

• Which versions are affected by CVE-2024-10488?

  CVE-2024-10488 affects Microsoft Edge versions earlier than 130.0.2849.68 and Google Chrome versions earlier than 130.0.6723.92.

• What impact does CVE-2024-10488 have on users?

  CVE-2024-10488 can potentially allow an attacker to execute arbitrary code on the user's system, leading to data breaches or system compromise.

• Who reported CVE-2024-10488?

  CVE-2024-10488 was assigned by the Chrome development team and is particularly relevant for users of Chromium-based browsers.