CVE-2024-3157: Out of bounds write in Compositing

Reference Links

• https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html (Advisory)
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3157 (Advisory)
• https://issues.chromium.org/issues/331237485
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDHNEFD76ORM7WBWAEZT6HSYDMZVIED4/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EW66LXDACTB5FCHLUPZOGD2KA2J62Q2/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVEJEW7UCSUSK2J2FYQRZZPI74P2D3JP/

Parent vulnerabilities

(Appears in the following advisories)

• 7320210136971684563

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2024-3516
• CVE-2024-3515

Frequently Asked Questions

• What is the severity of CVE-2024-3157?

  CVE-2024-3157 is classified as a vulnerability that could lead to an out of bounds write, potentially allowing for system exploitation.

• How do I fix CVE-2024-3157?

  To fix CVE-2024-3157, update Google Chrome to version 123.0.6312.122 or higher, or update Microsoft Edge (Chromium-based) to the latest version.

• Which browsers are impacted by CVE-2024-3157?

  CVE-2024-3157 affects Google Chrome up to version 123.0.6312.122 and Microsoft Edge (Chromium-based) as it relies on Chromium.

• Is CVE-2024-3157 specific to any operating systems?

  CVE-2024-3157 impacts Chromium-based browsers on various operating systems, including Fedora versions 38, 39, and 40.

• What type of vulnerability is CVE-2024-3157?

  CVE-2024-3157 is an out of bounds write vulnerability, which can lead to arbitrary code execution if exploited.