CVE-2024-5846 – A use-after-free vulnerability in PDFium, Chrom... (How to Fix)

Q: What is the severity of CVE-2024-5846?

CVE-2024-5846 has a CVSS score of 8.8 (HIGH). A use-after-free vulnerability in PDFium, Chrome's PDF rendering engine, allows remote attackers to potentially exploit heap corruption via malicious PDF files. This could lead to arbitrary code execution or browser crashes. All Chrome users prior to version 126.0.6478.54 are affected.

📋 TL;DR

A use-after-free vulnerability in PDFium, Chrome's PDF rendering engine, allows remote attackers to potentially exploit heap corruption via malicious PDF files. This could lead to arbitrary code execution or browser crashes. All Chrome users prior to version 126.0.6478.54 are affected.

💻 Affected Systems

Products:

Google Chrome
Chromium-based browsers

Versions: All versions prior to 126.0.6478.54

Operating Systems: Windows, macOS, Linux, ChromeOS

Default Config Vulnerable: ⚠️ Yes

Notes: All default Chrome configurations with PDF viewing enabled are vulnerable. Chrome's built-in PDF viewer uses PDFium.

📦 What is this software?

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...

Learn more about Chrome →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the same privileges as the Chrome process, potentially leading to full system compromise if Chrome is running with elevated privileges.

🟠

Likely Case

Browser crash (denial of service) or limited memory corruption leading to unstable browser behavior.

🟢

If Mitigated

Browser sandboxing may contain the exploit to the browser process, preventing full system compromise.

🌐 Internet-Facing: HIGH - Attackers can host malicious PDFs on websites or send them via email, requiring only user interaction to trigger.

🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing emails with malicious PDF attachments.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires user interaction to open a malicious PDF file. No public exploit code has been identified as of the advisory date.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 126.0.6478.54 and later

Vendor Advisory: https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html

Restart Required: Yes

Instructions:

1. Open Chrome. 2. Click the three-dot menu → Help → About Google Chrome. 3. Chrome will automatically check for and install updates. 4. Click 'Relaunch' to restart Chrome with the patched version.

🔧 Temporary Workarounds

Disable Chrome's built-in PDF viewer

all

Force Chrome to download PDFs instead of opening them internally, preventing PDFium from processing malicious files.

chrome://settings/content/pdfDocuments → Toggle 'Download PDF files instead of automatically opening them in Chrome' to ON

Use alternative PDF viewer

all

Configure Chrome to open PDFs with an external application like Adobe Reader.

chrome://settings/content/pdfDocuments → Toggle 'Open PDFs in Chrome' to OFF

🧯 If You Can't Patch

Block PDF file downloads at network perimeter using content filtering rules.
Implement application allowlisting to restrict execution of unpatched Chrome versions.

🔍 How to Verify

Check if Vulnerable:

Open Chrome, go to chrome://version and check if the version is earlier than 126.0.6478.54.

Check Version:

chrome://version

Verify Fix Applied:

Confirm Chrome version is 126.0.6478.54 or later via chrome://version.

📡 Detection & Monitoring

Log Indicators:

Chrome crash reports with PDFium-related stack traces
Unexpected Chrome process termination events in system logs

Network Indicators:

Downloads of PDF files from untrusted sources followed by Chrome crashes

SIEM Query:

source="chrome_crash_reports" AND process="chrome" AND module="pdfium"

📊 Metadata

CVE ID: CVE-2024-5846

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: June 11, 2024

Last Updated: November 21, 2024

🔗 References

https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html Third Party Advisory
https://issues.chromium.org/issues/341095523 Permissions Required
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/ Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/ Third Party Advisory
https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html Third Party Advisory
https://issues.chromium.org/issues/341095523 Permissions Required
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/ Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/ Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-5846, you might also want to check these: