
Preface: WebGPU is a JavaScript API provided by a web browser that enables webpage scripts to efficiently utilize a device’s graphics processing unit (GPU). Google has enabled WebGPU support by default in Chrome 121, the latest version of its Chrome browser.
Background: WebGPU sees physical GPU hardware as GPUAdapters. It provides a connection to an adapter via GPUDevice, which manages resources, and the device’s GPUQueues, which execute commands.
Vulnerability details: Use after free in Dawn in Google Chrome prior to 123[.]0[.]6312[.]86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2024-2885