CVE-2024-0813: 
vulnerability analysis and mitigation

CVE-2024-0813 is a Use-after-free vulnerability discovered in Google Chrome's Reading Mode feature affecting versions prior to 121.0.6167.85. The vulnerability was reported by @retsew0x01 on August 30, 2023, and was publicly disclosed on January 23, 2024. This security flaw affects Google Chrome browsers across multiple platforms including Windows, Mac, and Linux (Chrome Release).

The vulnerability is classified as a Use-after-free (CWE-416) issue in Chrome's Reading Mode functionality. It has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability requires user interaction and could potentially lead to heap corruption when specific UI interactions are performed (NVD).

If successfully exploited, this vulnerability could allow an attacker who convinces a user to install a malicious extension to potentially exploit heap corruption through specific UI interactions. The high CVSS score indicates that successful exploitation could lead to significant impacts on the confidentiality, integrity, and availability of the affected system (NVD).

The vulnerability has been patched in Google Chrome version 121.0.6167.85. Users are advised to update their Chrome browsers to this version or later to mitigate the risk. The fix has been distributed through the stable channel for Windows, Mac, and Linux platforms (Chrome Release).