Gentoo update for QtWebEngine

1) Type Confusion

EUVDB-ID: #VU88973

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-4058

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error in ANGLE. A remote attacker can trick the victim to visit a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU88971

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-4059

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the V8 API component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU88972

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-4060

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Dawn component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU89232

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-4558

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the ANGLE component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Heap-based buffer overflow

EUVDB-ID: #VU89233

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-4559

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in WebAudio. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds write

EUVDB-ID: #VU89420

Risk: Critical

CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2024-4761

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in V8. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger out-of-bounds write and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

7) Use-after-free

EUVDB-ID: #VU89713

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-5157

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Scheduling component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Type Confusion

EUVDB-ID: #VU89714

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-5158

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Heap-based buffer overflow

EUVDB-ID: #VU89715

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-5159

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in ANGLE. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Heap-based buffer overflow

EUVDB-ID: #VU89716

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-5160

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in Dawn. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Type Confusion

EUVDB-ID: #VU91765

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-5830

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU91766

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-5831

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Dawn component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU91767

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-5832

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Dawn component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Type Confusion

EUVDB-ID: #VU91768

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-5833

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improperly implemented security check for standard

EUVDB-ID: #VU91769

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-5834

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in Dawn in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Heap-based buffer overflow

EUVDB-ID: #VU91770

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-5835

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in Tab Groups. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improperly implemented security check for standard

EUVDB-ID: #VU91771

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2024-5836

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: Yes

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in DevTools in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

18) Type Confusion

EUVDB-ID: #VU91772

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-5837

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Type Confusion

EUVDB-ID: #VU91773

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-5838

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improperly implemented security check for standard

EUVDB-ID: #VU91774

Risk: High

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-5839

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Memory Allocator in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper access control

EUVDB-ID: #VU91775

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-5840

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improper access restrictions in CORS. A remote attacker can create a specially crafted web page, trick the victim into visiting it, bypass implemented security restrictions and gain unauthorized access to sensitive information.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Use-after-free

EUVDB-ID: #VU91776

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-5841

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within V8 in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use-after-free

EUVDB-ID: #VU91777

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-5842

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Browser UI in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Improperly implemented security check for standard

EUVDB-ID: #VU91778

Risk: High

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-5843

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Downloads in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Heap-based buffer overflow

EUVDB-ID: #VU91779

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-5844

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in Tab Strip. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Use-after-free

EUVDB-ID: #VU91780

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-5845

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Audio in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use-after-free

EUVDB-ID: #VU91781

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-5846

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within PDFium in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Use-after-free

EUVDB-ID: #VU91782

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-5847

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within PDFium in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Use-after-free

EUVDB-ID: #VU93222

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-6290

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Dawn component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Use-after-free

EUVDB-ID: #VU93223

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-6291

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Swiftshader component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Use-after-free

EUVDB-ID: #VU93224

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-6292

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Dawn component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Use-after-free

EUVDB-ID: #VU93225

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-6293

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Dawn component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Use-after-free

EUVDB-ID: #VU94689

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-6988

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Downloads. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Use-after-free

EUVDB-ID: #VU94690

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-6989

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Loader. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Use-after-free

EUVDB-ID: #VU94691

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-6991

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Dawn. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Heap-based buffer overflow

EUVDB-ID: #VU94696

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-6994

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Layout. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper access control

EUVDB-ID: #VU94697

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-6995

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to inappropriate implementation in Fullscreen. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain unauthorized access to the system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Race condition

EUVDB-ID: #VU94698

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-6996

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a race condition in Frames. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code on the target system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Use-after-free

EUVDB-ID: #VU94701

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-6997

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within Tabs. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Use-after-free

EUVDB-ID: #VU94702

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-6998

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within User Education. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Improper access control

EUVDB-ID: #VU94703

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-6999

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to inappropriate implementation in FedCM. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain unauthorized access to the system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Use-after-free

EUVDB-ID: #VU94704

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-7000

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within CSS. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Improper access control

EUVDB-ID: #VU94705

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-7001

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to inappropriate implementation in HTML. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain unauthorized access to the system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Improper access control

EUVDB-ID: #VU94708

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-7003

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to inappropriate implementation in FedCM. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain unauthorized access to the system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Input validation error

EUVDB-ID: #VU94712

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-7004

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in Safe Browsing. A remote attacker can create a specially crafted web page, trick the victim into visiting it and perform a denial of service (DoS) attack.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Input validation error

EUVDB-ID: #VU94714

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-7005

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in Safe Browsing. A remote attacker can create a specially crafted web page, trick the victim into visiting it and perform a denial of service (DoS) attack.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Out-of-bounds write

EUVDB-ID: #VU95425

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-7532

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in ANGLE. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger an out-of-bounds write and execute arbitrary code on the target system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Use-after-free

EUVDB-ID: #VU95426

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-7533

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Sharing component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Heap-based buffer overflow

EUVDB-ID: #VU95428

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-7534

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in Layout. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Improperly implemented security check for standard

EUVDB-ID: #VU95429

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-7535

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in V8 in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Use-after-free

EUVDB-ID: #VU95430

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-7536

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the WebAudio component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Type Confusion

EUVDB-ID: #VU95427

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-7550

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Use-after-free

EUVDB-ID: #VU96379

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-7964

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Passwords component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Improperly implemented security check for standard

EUVDB-ID: #VU96380

Risk: Critical

CVSSv4.0: 7.4 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2024-7965

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: Yes

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in V8 in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.

Note, the vulnerability is being actively exploited in the wild.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

55) Buffer overflow

EUVDB-ID: #VU96381

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-7966

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a boundary error in Skia in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Heap-based buffer overflow

EUVDB-ID: #VU96382

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-7967

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in Fonts. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Use-after-free

EUVDB-ID: #VU96383

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-7968

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Autofill component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Type Confusion

EUVDB-ID: #VU96384

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-7969

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Type Confusion

EUVDB-ID: #VU96385

Risk: Critical

CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2024-7971

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 engine. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

60) Improperly implemented security check for standard

EUVDB-ID: #VU96386

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-7972

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in V8 in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Heap-based buffer overflow

EUVDB-ID: #VU96387

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-7973

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in PDFium. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Input validation error

EUVDB-ID: #VU96388

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-7974

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in V8 API in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Improperly implemented security check for standard

EUVDB-ID: #VU96389

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-7975

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Permissions in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Improperly implemented security check for standard

EUVDB-ID: #VU96390

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-7976

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in FedCM in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Input validation error

EUVDB-ID: #VU96391

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-7977

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in Installer in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU96392

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-7978

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Data Transfer in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Input validation error

EUVDB-ID: #VU96393

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-7979

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in Installer in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Input validation error

EUVDB-ID: #VU96394

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-7980

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in Installer in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Improperly implemented security check for standard

EUVDB-ID: #VU96395

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-7981

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Views in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Improperly implemented security check for standard

EUVDB-ID: #VU96396

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-8033

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in WebApp Installs in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Improperly implemented security check for standard

EUVDB-ID: #VU96397

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-8034

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Custom Tabs in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Improperly implemented security check for standard

EUVDB-ID: #VU96398

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-8035

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Extensions in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Heap-based buffer overflow

EUVDB-ID: #VU96600

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-8193

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in Skia. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Type Confusion

EUVDB-ID: #VU96601

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-8194

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Heap-based buffer overflow

EUVDB-ID: #VU96602

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-8198

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in Skia. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Heap-based buffer overflow

EUVDB-ID: #VU97121

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-8636

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted HTML content in Skia. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Use-after-free

EUVDB-ID: #VU97122

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-8637

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Media Router component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Type Confusion

EUVDB-ID: #VU97123

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-8638

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Use-after-free

EUVDB-ID: #VU97124

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-8639

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Autofill component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Use-after-free

EUVDB-ID: #VU97676

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-9120

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Dawn component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Improperly implemented security check for standard

EUVDB-ID: #VU97677

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-9121

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in V8 in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Type Confusion

EUVDB-ID: #VU97678

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-9122

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Integer overflow

EUVDB-ID: #VU97679

Risk: High

CVSSv4.0: 5.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-9123

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in Skia component in Google Chrome. A remote attacker can trick the victim to open a specially crafted web page, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Type Confusion

EUVDB-ID: #VU98244

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-9602

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Type Confusion

EUVDB-ID: #VU98245

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-9603

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Improperly implemented security check for standard

EUVDB-ID: #VU99264

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-10229

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect implementation in Extensions in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Type Confusion

EUVDB-ID: #VU99265

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-10230

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Type Confusion

EUVDB-ID: #VU99266

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-10231

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Use-after-free

EUVDB-ID: #VU99851

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-10826

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Family Experiences component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Use-after-free

EUVDB-ID: #VU99852

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-10827

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the Serial component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Buffer Underwrite ('Buffer Underflow')

EUVDB-ID: #VU96897

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-45490

CWE-ID: CWE-124 - Buffer Underwrite ('Buffer Underflow')

Exploit availability: No

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a boundary error in xmlparse.c when handling negative length for XML_ParseBuffer. A remote attacker can pass specially crafted input to the application, trigger buffer underflow and execute arbitrary code on the system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Integer overflow

EUVDB-ID: #VU96898

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-45491

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the dtdCopy() function in xmlparse.c. A remote attacker can pass specially crafted input to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Integer overflow

EUVDB-ID: #VU96899

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-45492

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the nextScaffoldPart() function in xmlparse.c. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Update the affected packages.
dev-qt/qtwebengine to version:

Gentoo Linux: All versions

dev-qt/qtwebengine: before 103.0.5060.53

• cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:gentoo:dev-qt_qtwebengine:*:*:*:*:*:gentoo_linux:*:*

http://security.gentoo.org/glsa/202501-09

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.