Type Confusion in V8 Could Lead to Heap Corruption
CVE-2024-1939

8.8HIGH

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 29 February 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A type confusion vulnerability in the V8 engine of Google Chrome, prior to version 122.0.6261.94, can potentially be exploited by remote attackers using specially crafted HTML pages. This may result in heap corruption, which can lead to unauthorized actions on the affected system. Users are advised to update to the latest version of Google Chrome to mitigate this risk.

Affected Version(s)

Chrome 122.0.6261.94

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-1939
Created by rycbar77

References

https://chromereleases.googleblog.com/2024/02/stable-chan...

https://issues.chromium.org/issues/323694592

https://lists.fedoraproject.org/archives/list/package-ann...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

🟡
Public PoC available
Aug 25, 2024
👾
Exploit known to exist
Aug 25, 2024
Vulnerability published
Feb 29, 2024