CVE-2024-7018: 
Google Chrome vulnerability analysis and mitigation

A heap buffer overflow vulnerability (CVE-2024-7018) was discovered in Google Chrome's PDF handling functionality. The vulnerability affects versions prior to 124.0.6367.78 and allows remote attackers to potentially exploit heap corruption through specially crafted PDF files. The issue was assigned a Medium severity rating by the Chromium security team (NVD, CVE).

The vulnerability is classified as a heap-based buffer overflow (CWE-122) and out-of-bounds write (CWE-787). It received a CVSS v3.1 base score of 7.8 (High) from NIST with vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while CISA-ADP assessed it with a score of 8.8 (High) and vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

If successfully exploited, this vulnerability could lead to heap corruption, potentially allowing attackers to execute arbitrary code or cause system crashes when users open specially crafted PDF files (NVD).

Users are advised to update their Google Chrome installations to version 124.0.6367.78 or later to address this vulnerability. The fix has been incorporated into various distribution releases, including Debian bookworm (134.0.6998.35-1~deb12u1) (Debian Tracker).