Vulnerabilities > CVE-2024-21639 - Unspecified vulnerability in Chromiumembedded Chromium Embedded Framework

CVSS 9.6 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

chromiumembedded

critical

NVD

Published: 2024-01-12

Updated: 2024-11-21

Summary

CEF (Chromium Embedded Framework ) is a simple framework for embedding Chromium-based browsers in other applications. `CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory` does not check the size of the shared memory, which leads to out-of-bounds read outside the sandbox. This vulnerability was patched in commit 1f55d2e.

Vulnerable Configurations

Part	Description	Count
Application	Chromiumembedded Chromiumembedded Chromium Embedded Framework -	1

References

https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b
https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b
https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg
https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg