CVE-2024-8637: 
vulnerability analysis and mitigation

A high-severity use-after-free vulnerability (CVE-2024-8637) was discovered in the Media Router component of Google Chrome on Android devices running versions prior to 128.0.6613.137. This vulnerability allows remote attackers to potentially exploit heap corruption through a specially crafted HTML page (Chrome Release).

The vulnerability is classified as a use-after-free (CWE-416) issue in the Media Router component. It received a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, no privileges required, and user interaction required for exploitation (NVD).

If successfully exploited, this vulnerability could lead to heap corruption, potentially allowing attackers to execute arbitrary code with the same privileges as the Chrome browser process. The high CVSS score indicates potential severe impacts on confidentiality, integrity, and availability of the affected system (NVD).

The vulnerability has been patched in Google Chrome version 128.0.6613.137 for Android. Users are strongly advised to update their Chrome browsers to this version or later to protect against potential exploitation (Chrome Release).