CVE-2023-7024: 
vulnerability analysis and mitigation

CVE-2023-7024 is a high-severity heap buffer overflow vulnerability in WebRTC component of Google Chrome discovered on December 19, 2023. The vulnerability affects Google Chrome versions prior to 120.0.6099.129 and allows a remote attacker to potentially exploit heap corruption via a crafted HTML page (Chrome Release).

The vulnerability is classified as a heap buffer overflow (CWE-787: Out-of-bounds Write) in the WebRTC component. It has received a CVSS v3.1 base score of 8.8 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, no privileges required, and user interaction needed for exploitation (NVD).

The vulnerability can lead to heap corruption when exploited, potentially allowing remote code execution through a specially crafted HTML page. The high CVSS score indicates potential impacts on confidentiality, integrity, and availability of the affected system (NVD).

The vulnerability has been patched in Google Chrome version 120.0.6099.129. Users and administrators are strongly advised to update to this version or later. The fix has also been implemented in various distributions including Debian (120.0.6099.129-1~deb11u1 and 120.0.6099.129-1~deb12u1), Fedora 38 and 39 (120.0.6099.129-1), and other Chromium-based browsers (Debian Advisory, Fedora Update).