CVE-2024-7965

CVSS 8.8 HIGHEPSS 17.2%● KEVCWE-358

In short

A flaw in Chrome's V8 JavaScript engine allows attackers to corrupt browser memory through a specially crafted webpage, potentially leading to crashes or code execution.

Technical detail

CWE-358 (Inappropriate implementation) in V8 enables heap corruption via remote HTML delivery; requires user to visit a malicious page; impacts memory integrity and may facilitate code execution or denial of service.

Summary generated and translated by AI from the official description.

Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Google · Chrome

public PoCs found — 1

githubgithub.com/bi-zone/CVE-2024-7965★ 49

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html https://issues.chromium.org/issues/356196918 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7965