Arbitrary Read/Write Vulnerability in V8 Prior to 123.0.6312.105
CVE-2024-3159

8.8 HIGH

Key Information:

Vendor

Google

Status
Vendor
CVE Published:
6 April 2024

Badges

📰 News Worthy

What is CVE-2024-3159?

CVE-2024-3159 is a high-severity vulnerability in the V8 JavaScript engine used by the Google Chrome browser. It allows remote attackers to perform an out-of-bounds memory access, resulting in potential heap corruption and exposure of sensitive data. This vulnerability was exploited during the Pwn2Own hacking contest, with researchers receiving a $42,500 bug bounty for showcasing the attack. Google has released an update to patch this vulnerability, along with two other vulnerabilities, and recommends that users update their browsers promptly. No known exploitation of this vulnerability in the wild by ransomware groups has been reported.

Affected Version(s)

Chrome prior to 123.0.6312.105

News Articles

Google Chrome V8 Enum Cache Out-Of-Bounds Read Remote Code Execution Vulnerability [CVE-2024-3159]

CVE number CVE-2024-3159 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chrome. User interaction is required to exploit this vulnerability in that...

Chrome Zero-Day Vulnerability Exploited At Pwn2Own : Patch Now

Google fixed three vulnerabilities in the Chrome browser on Tuesday, along with another zero-day exploit that was exploited during the Pwn2Own

Google Patches Chrome Flaw That Earned Hackers $42,500 at Pwn2Own

Google pushes a new Chrome update to patch another zero-day vulnerability demonstrated at a hacking contest.

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • 📰

    First article discovered by SecurityWeek

  • Vulnerability Reserved
