CVE-2024-5274
In short
A flaw in Chrome's V8 JavaScript engine could allow attackers to run malicious code within the browser sandbox by tricking it into misidentifying data types. This could let hackers take control of your browser and steal sensitive information.
Technical detail
Type confusion vulnerability in V8 engine (CWE-843) enables remote code execution within the sandbox context via crafted HTML. Attack vector is web-based requiring user interaction; pre-condition is visiting a malicious webpage. Impact includes arbitrary code execution with sandbox privileges, potentially leading to data exfiltration or further privilege escalation.
Summary generated and translated by AI from the official description.
Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected products
Google · Chrome
Public PoCs found — 2
github: github.com/mistymntncop/CVE-2024-5274 ★ 83
github: github.com/Alchemist3dot14/CVE-2024-5274-Detection ★ 3
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html
https://issues.chromium.org/issues/341663589
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVC3FNI7HZLVSRIFBVUSBHI233DZYBKP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T6IBUYVPD4MIFQNNYBGAPI5MOECWXXOB/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-5274