Remote Code Execution Vulnerability in Google Chrome Prior to 123.0.6312.86
CVE-2024-2887

7.7 HIGH

Key Information:

Vendor
Google
Status
Vendor
CVE Published: 26 March 2024

Badges

👾 Exploit Exists, 🟡 Public PoC, 📰 News Worthy

Summary

A remote code execution vulnerability, CVE-2024-2887, was discovered in Google Chrome prior to version 123.0.6312.86, which allowed a remote attacker to execute arbitrary code via a crafted HTML page. The update to Chrome version 123.0.6312.86/.87 addresses this vulnerability, along with several others, including two zero-day exploits showcased at the Pwn2Own 2024 hacking competition. The vulnerabilities include a use-after-free vulnerability in ANGLE, a cross-platform graphics engine abstraction layer, a high-severity use-after-free issue in Dawn, and two high-severity vulnerabilities involving WebCodecs and WebAssembly. These vulnerabilities revealed at Pwn2Own 2024 highlight the importance of timely updates to mitigate potential risks. Users are encouraged to update their browsers immediately to protect against these vulnerabilities.

Affected Version(s)

Chrome 123.0.6312.86

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

CVE-2024-2887 Archive - Greenbone

March 2024 was another eventful month for vulnerabilities and cybersecurity in general. It was the second consecutive month of lapsed Common Vulnerability Exposure (CVE) enrichment putting defenders in a...

8 months ago

Google Chrome WASM Improper Input Validation Remote Code Execution Vulnerability [CVE-2024-2887]

CVE number CVE-2024-2887 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chrome. User interaction is required to exploit this vulnerability in that...

9 months ago


References

CVSS V3.1

Score: 7.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • 📰 First article discovered by GBHackers on Security

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database, Google Feed, 2 Proof of Concept(s), 4 News Article(s)