CVE-2024-6293: 
vulnerability analysis and mitigation

CVE-2024-6293 is a high-severity vulnerability discovered in Dawn component of Google Chrome versions prior to 126.0.6478.126. The vulnerability was disclosed on June 24, 2024, and affects Google Chrome browser and Chromium-based browsers. This use-after-free vulnerability could allow a remote attacker to potentially exploit heap corruption through a specially crafted HTML page (Chrome Release).

The vulnerability is classified as a Use After Free (CWE-416) issue in the Dawn component of Chrome. It has received a CVSS v3.1 base score of 8.8 (High) from NIST with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while CISA-ADP assessed it with a score of 7.5 (High) with vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

If successfully exploited, this vulnerability could lead to heap corruption, potentially allowing an attacker to execute arbitrary code within the context of the browser. The high severity rating indicates that successful exploitation could result in significant impact on the confidentiality, integrity, and availability of the affected system (NVD).

Users are advised to update their Google Chrome browser to version 126.0.6478.126 or later. The vulnerability has been fixed in the stable channel update for Windows, Mac, and Linux platforms. Fedora users can update using the dnf package manager to versions 126.0.6478.126-1.fc39 for Fedora 39 and 126.0.6478.126-1.fc40 for Fedora 40 (Fedora Update).