CVE-2024-1059: 
vulnerability analysis and mitigation

CVE-2024-1059 is a high-severity vulnerability discovered in Google Chrome versions prior to 121.0.6167.139. The vulnerability was reported by Cassidy Kim (@cassidy6564) on December 29, 2023, and involves a use-after-free issue in the Peer Connection (WebRTC) component (Chrome Release).

The vulnerability is classified as a use-after-free flaw in the WebRTC (Peer Connection) component of Google Chrome. It has received a CVSS v3.1 base score of 8.8 (HIGH) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is tracked under CWE-416 (Use After Free) and can potentially lead to stack corruption when exploited (NVD).

The vulnerability allows a remote attacker to potentially exploit stack corruption through a specially crafted HTML page. Given its high severity rating and the potential for remote exploitation, successful exploitation could lead to arbitrary code execution within the context of the browser (NVD).

The vulnerability has been patched in Google Chrome version 121.0.6167.139. Users are advised to update their Chrome browser to this version or later. The fix has also been incorporated into Fedora 38 and 39 through their respective package updates (Fedora List).