CVE-2024-5494: 
vulnerability analysis and mitigation

CVE-2024-5494 is a high-severity vulnerability discovered in Google Chrome's Dawn component affecting versions prior to 125.0.6422.141. The vulnerability was reported by wgslfuzz on May 1, 2024, and involves a use-after-free condition that could allow remote attackers to exploit heap corruption through a specially crafted HTML page (Chrome Release).

The vulnerability is classified as a Use After Free (CWE-416) issue in the Dawn component of Google Chrome. It has received a CVSS v3.1 base score of 8.8 (High) from NIST with a vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and high impact on confidentiality, integrity, and availability. CISA-ADP assessed it with a slightly lower score of 7.5 due to higher attack complexity (NVD).

If successfully exploited, this vulnerability could allow an attacker to potentially exploit heap corruption through a crafted HTML page, potentially leading to arbitrary code execution within the context of the browser. The high CVSS scores indicate significant potential impact on system security, including possible compromise of confidentiality, integrity, and availability (NVD).

Google has released version 125.0.6422.141 of Chrome to address this vulnerability. Users and administrators are strongly advised to update to this version or later. The fix has been incorporated into various distributions, including Fedora 39 and 40 through their respective update channels (Fedora Update).