CVSS 3.1 Score 5.3 of 10 (medium)


Published Jan 12, 2024
Updated: Jan 22, 2024
CWE ID 125


CVE-2024-21639 is a vulnerability in CEF (Chromium Embedded Framework), a framework for embedding Chromium-based browsers in other applications. It has a base severity of MEDIUM and a risk score of 65. The flaw is in the CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory function: the shared memory size is not properly checked, which allows an out-of-bounds read outside the sandbox. The vulnerability was patched in commit 1f55d2e. The exploitability score is 1.6, indicating a low level of exploitability, and the potential danger to an organization lies in its high availability impact.
