CVE-2024-6779: 
vulnerability analysis and mitigation

A high-severity vulnerability (CVE-2024-6779) was discovered in Google Chrome's V8 engine. The issue involves an out-of-bounds memory access that could potentially allow a remote attacker to perform a sandbox escape through a specially crafted HTML page. The vulnerability affects Google Chrome versions prior to 126.0.6478.182. This security flaw was reported by Seunghyun Lee (@0x10n) on July 6, 2024, and was subsequently patched in the stable channel update (Chrome Release).

The vulnerability is classified as an out-of-bounds write (CWE-787) affecting the V8 JavaScript engine in Google Chrome. It received a CVSS v3.1 base score of 9.6 (Critical) from NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H, indicating network accessibility, low attack complexity, no privileges required, and user interaction required. Additionally, CISA-ADP assessed it with a CVSS score of 8.8 (High) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

The vulnerability could allow an attacker to escape the Chrome sandbox environment, potentially leading to high impacts on confidentiality, integrity, and availability of the affected system. The critical CVSS score indicates that successful exploitation could result in significant compromise of the system's security (NVD).

Google has released version 126.0.6478.182/183 for Windows and Mac, and version 126.0.6478.182 for Linux to address this vulnerability. Users are advised to update their Chrome browsers to these versions or later to mitigate the risk. The update is being rolled out over several days/weeks (Chrome Release).