CVE-2024-0808

CRITICAL

Published Jan 24, 2024 Modified May 30, 2025 CWE-191

Description

Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)

CVSS v3.1 Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-191 CWE-191

Affected Products

Vendor	Product	Versions
debian	debian_linux	All
google	chrome	< 121.0.6167.85
fedoraproject	fedora	All
fedoraproject	fedora	All

References

Advisories & Patches

https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html

Other References

https://crbug.com/1504936 https://lists.fedoraproject.org/archives/list/[email protected]/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/ https://lists.fedoraproject.org/archives/list/[email protected]/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/ https://crbug.com/1504936 https://lists.fedoraproject.org/archives/list/[email protected]/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/ https://lists.fedoraproject.org/archives/list/[email protected]/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/

Frequently Asked Questions

What is CVE-2024-0808? +

Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High) It has a CVSS v3.1 base score of 9.8 (CRITICAL).

How severe is CVE-2024-0808? +

CVE-2024-0808 has a CVSS v3.1 score of 9.8 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.

What products are affected by CVE-2024-0808? +

CVE-2024-0808 affects products from debian, fedoraproject, google, specifically: chrome, debian_linux, fedora. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2024-0808? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-59368

An integer underflow vulnerability has been identified in Aicloud. An authenticated attacker may trigger this vulnerability by sending a crafted …

CVE-2025-65092

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, and 5.3.4, when the ESP32-P4 uses …

CVE-2026-43916

pam_authnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a …

CVE-2024-23313 9.8

An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A …

CVE-2025-29909 9.8

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications …

CVE-2025-29912 9.8

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications …

Quick Facts

CVSS Score: 9.8
Severity: CRITICAL
Published: Jan 24, 2024

Scan for this vulnerability

Check if your website or infrastructure is affected by CVE-2024-0808.

Website Scan Port Scan

Browse CVEs

Critical High CISA KEV ! Most likely exploited →