CVE-2024-7971
CVE-2024-7971
In short
A flaw in Chrome's V8 JavaScript engine allows attackers to confuse data types, leading to memory corruption. An attacker can craft a malicious webpage that exploits this to crash your browser or potentially run harmful code.
Technical detail
Type confusion vulnerability in V8 engine permits remote code execution through heap corruption when processing crafted HTML. Attack vector is network-based (malicious webpage), requiring only user interaction to visit the page; no authentication or special privileges needed. Impact includes arbitrary code execution in the browser's security context.
Summary generated and translated by AI from the official description.
Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chromepublic PoCs found — 1
githubgithub.com/mistymntncop/CVE-2024-7971★ 35⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.htmlhttps://issues.chromium.org/issues/360700873https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7971https://www.microsoft.com/en-us/security/blog/2024/08/30/north-korean-threat-actor-citrine-sleet-exploiting-chromium-zero-day/