CVE-2024-2885: Use after free in Dawn in Google Chrome (26th Mar 2024)

Preface: WebGPU is a JavaScript API provided by a web browser that enables webpage scripts to efficiently utilize a device’s graphics processing unit (GPU). Google has enabled WebGPU support by default in Chrome 121, the latest version of its Chrome browser.

Background: WebGPU sees physical GPU hardware as GPUAdapters. It provides a connection to an adapter via GPUDevice, which manages resources, and the device’s GPUQueues, which execute commands.

Vulnerability details: Use after free in Dawn in Google Chrome prior to 123[.]0[.]6312[.]86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Official announcement: Please refer to the link for details –

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.