
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
CVE-2024-1283 is a heap buffer overflow vulnerability discovered in the Skia graphics engine component of Google Chrome versions prior to 121.0.6167.160. The vulnerability was reported on January 25, 2024, by security researcher Jorge Buzeti (@r3tr074) and was publicly disclosed on February 6, 2024. This high-severity security flaw affects Google Chrome and other Chromium-based browsers (Chrome Release).
The vulnerability is classified as a heap buffer overflow (CWE-787: Out-of-bounds Write) in the Skia graphics engine component. It received a CVSS v3.1 base score of 9.8 (CRITICAL) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating remote exploitation potential with no required privileges or user interaction (NVD).
The vulnerability could allow a remote attacker to exploit heap corruption through a specially crafted HTML page. Given the CVSS score and vector, successful exploitation could lead to complete compromise of system confidentiality, integrity, and availability (NVD).
Users are advised to update to Google Chrome version 121.0.6167.160 or later. The vulnerability has been patched in this version for Windows, Mac, and Linux platforms. Fedora users can update using the dnf package manager to versions 121.0.6167.160-1.fc38 for Fedora 38 and 121.0.6167.160-1.fc39 for Fedora 39 (Fedora Advisory).
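A host-side check against the fixed release named above, as an added example that is not part of the original entry: it extracts a four-part version from browser or package output and compares it numerically with 121.0.6167.160. The function names are this example's own, and every sample input other than the Fedora version strings quoted above is constructed.

```shell
#!/bin/sh
# Added example: classify Chrome/Chromium version strings against the release
# that fixes CVE-2024-1283 according to this page.
FIXED_VERSION="121.0.6167.160"

# Print the first four-part dotted version found in the given text, e.g.
# "Google Chrome 121.0.6167.139" or "121.0.6167.160-1.fc39".
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Succeed if version $1 >= version $2. Fields are compared as numbers, so
# 99.x sorts below 121.x (a plain string comparison would get this wrong).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 4; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Print "patched", "vulnerable" or "unknown" for one version-bearing string.
classify() {
    cv_found=$(extract_version "$1")
    if [ -z "$cv_found" ]; then
        echo "unknown"
    elif version_ge "$cv_found" "$FIXED_VERSION"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# With no arguments, run over sample inputs; otherwise classify each argument,
# for example the output of the browser's --version flag or of rpm -q.
if [ "$#" -eq 0 ]; then
    set -- "Google Chrome 121.0.6167.139" \
           "121.0.6167.160-1.fc38" \
           "121.0.6167.160-1.fc39" \
           "Google Chrome 99.0.4844.84" \
           "version string missing"
fi
for sample in "$@"; do
    printf '%-12s %s\n' "$(classify "$sample")" "$sample"
done
```

An "unknown" result means no four-part version was found in the input and should be treated as a host that still needs manual review, not as a pass.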
Source: This report was generated using AI