CVE-2024-4947
In short
A flaw in Chrome's V8 JavaScript engine allows attackers to trick the browser into confusing different data types, letting them run malicious code even within Chrome's security sandbox. This happens when someone visits a specially designed webpage.
Technical detail
A type confusion vulnerability in V8 (CWE-843) allows remote code execution within the Chrome sandbox when a user opens a crafted HTML page; no user interaction beyond opening the page is required. The vulnerability stems from improper type checking in the JavaScript engine, which lets an attacker bypass memory safety protections and execute arbitrary code with sandboxed privileges.
Summary generated and translated by AI from the official description.
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected products
Google · Chrome
Public PoCs found — 1
GitHub: github.com/bjrjk/CVE-2024-4947 (★ 30)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html
https://issues.chromium.org/issues/340221135
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NTSN22LNYXMWHVTYNOYQVOY7VDZFHENQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSUWM73ZCXTN62AT2REYQDD5ZKPFMDZD/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4947