CVE-2024-0807: 
vulnerability analysis and mitigation

CVE-2024-0807 is a high-severity use-after-free vulnerability discovered in the Web Audio component of Google Chrome versions prior to 121.0.6167.85. The vulnerability was reported by Huang Xilin of Ant Group Light-Year Security Lab on November 25, 2023, and was officially disclosed on January 23, 2024 (Chrome Release).

The vulnerability is classified as a use-after-free (CWE-416) issue in the Web Audio component of Chrome. It has received a CVSS v3.1 base score of 8.8 (HIGH) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating that it can be exploited remotely with low attack complexity and requires user interaction (NVD).

If successfully exploited, this vulnerability could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page, potentially leading to arbitrary code execution within the context of the browser (Chrome Release).

The vulnerability has been patched in Chrome version 121.0.6167.85 for Mac and Linux, and versions 121.0.6167.85/.86 for Windows. Users are strongly advised to update their Chrome browsers to these versions or later to mitigate the risk (Chrome Release).