CVE-2024-6291: 
vulnerability analysis and mitigation

CVE-2024-6291 is a high-severity vulnerability discovered in Google Chrome's Swiftshader component affecting versions prior to 126.0.6478.126. The vulnerability was reported by Cassidy Kim (@cassidy6564) on November 15, 2023, and was officially disclosed on June 24, 2024. This security flaw affects Google Chrome installations across Windows, Mac, and Linux platforms (Chrome Release).

The vulnerability is classified as a Use-After-Free (UAF) issue in the Swiftshader component of Google Chrome. It has received a CVSS v3.1 base score of 8.8 (High) from NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while CISA-ADP assessed it with a score of 7.5 (High) and vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is tracked under CWE-416 (Use After Free) (NVD).

The vulnerability allows a remote attacker to potentially exploit heap corruption through a specially crafted HTML page, which could lead to arbitrary code execution with the same privileges as the Chrome browser process (NVD).

Google has released version 126.0.6478.126/127 for Windows and Mac, and 126.0.6478.126 for Linux to address this vulnerability. Users are advised to update their Chrome browsers to these versions or later. The update is being rolled out over several days/weeks (Chrome Release).