CVE-2024-4947
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- May 15, 2024
- Published Date
- May 15, 2024
- Last Updated
- February 13, 2025
- Vendor
- Product
- Chrome
- Description
- Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVSS Scores
CVSS v3.1
9.6 - CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
SSVC Information
- Exploitation
- Active
- Technical Impact
- Total
Exploit Status
- Exploited in the Wild
- Yes (added 2024-05-20 00:00:00 UTC) Source
References
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html
https://issues.chromium.org/issues/340221135
https://lists.fedoraproject.org/archives/list/[email protected]/message/NTSN22LNYXMWHVTYNOYQVOY7VDZFHENQ/
https://lists.fedoraproject.org/archives/list/[email protected]/message/WSUWM73ZCXTN62AT2REYQDD5ZKPFMDZD/
https://lists.fedoraproject.org/archives/list/[email protected]/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2024-05-20 00:00:00 UTC |