CVE-2024-21640

Summary

Chromium Embedded Framework (CEF) is a simple framework for embedding Chromium-based browsers in other applications.CefVideoConsumerOSR::OnFrameCaptured does not check pixel_format properly, which leads to out-of-bounds read out of the sandbox. This vulnerability was patched in commit 1f55d2e.

Affected Software

VendorProductVersion RangeStatus
chromiumembeddedcef< commit 1f55d2eaffected

Weaknesses

  • CWE-125: CWE-125: Out-of-bounds Read

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References