CVE-2024-10487: 
vulnerability analysis and mitigation

A critical out-of-bounds write vulnerability (CVE-2024-10487) was discovered in the Dawn component of Google Chrome versions prior to 130.0.6723.92. The vulnerability was reported by Apple Security Engineering and Architecture (SEAR) on October 23, 2024, and was publicly disclosed on October 29, 2024. This security flaw affects Google Chrome browsers across Windows, Mac, and Linux platforms (Chrome Release).

The vulnerability is classified as an out-of-bounds write issue in Dawn, which could allow attackers to perform out-of-bounds memory access through a specially crafted HTML page. The vulnerability has received a CVSS v3.1 base score of 8.8 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. It has been categorized under CWE-787 (Out-of-bounds Write) (NVD).

The vulnerability's critical severity rating and high CVSS score indicate significant potential impact. If successfully exploited, the vulnerability could lead to high levels of compromise in confidentiality, integrity, and availability of the affected system, requiring user interaction for exploitation (NVD).

Google has released version 130.0.6723.92 for Windows and Mac, and version 130.0.6723.91 for Linux to address this vulnerability. Users are advised to update their Chrome browsers to these versions or later. The fix has also been incorporated into various other products, including Prisma Access Browser version 130.92.2920.10 and later versions (Palo Alto).