CVE-2024-8198: 
vulnerability analysis and mitigation

A heap buffer overflow vulnerability (CVE-2024-8198) was discovered in the Skia component of Google Chrome versions prior to 128.0.6613.113. The vulnerability was reported on August 19, 2024, and was publicly disclosed on August 28, 2024. This security flaw affects Google Chrome installations across Windows, Mac, and Linux operating systems (Chrome Release).

The vulnerability is classified as a heap buffer overflow in the Skia graphics engine of Google Chrome. It has been assigned a CVSS v3.1 base score of 8.8 (High) by NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is also tracked under CWE-787 (Out-of-bounds Write) and CWE-120 (Buffer Copy without Checking Size of Input) (NVD).

The vulnerability could allow a remote attacker who has compromised the renderer process to potentially exploit heap corruption through a specially crafted HTML page. Given the high CVSS score and the critical nature of the Skia component, successful exploitation could lead to significant security implications including potential code execution (NVD).

Google has released version 128.0.6613.113/.114 for Windows and Mac, and version 128.0.6613.113 for Linux to address this vulnerability. Users are strongly advised to update their Chrome browsers to these versions or later (Chrome Release).