Object Corruption Vulnerability in WebAssembly Prior to 124.0.6367.60
CVE-2024-3833
Key Information
- Vendor
- Status
- Chrome
- Vendor
- CVE Published:
- 17 April 2024
Badges
Summary
A recently discovered vulnerability in Google Chrome's V8 engine, designated as CVE-2024-3833, allows for remote code execution (RCE) through duplicate object properties in the renderer sandbox. This object corruption flaw poses significant security risks and can potentially be exploited by creating a scenario where an object has duplicate properties, leading to type confusion and ultimately permitting code execution. Google has addressed this vulnerability in the latest Chrome update, and users are strongly advised to update their browsers to the latest version. The exploitation of this vulnerability underscores the importance of rigorous security practices in browser development and the need for continuous monitoring and updating of software to mitigate emerging threats.
Affected Version(s)
Chrome < 124.0.6367.60
News Articles
Chrome's Renderer Vulnerability Allows Remote Code Execution via Duplicate Object Properties
Zach Anderson Jun 27, 2024 08:37 A newly discovered bug in Chrome's V8 engine, CVE-2024-3833, allows...
6 months ago
Refferences
CVSS V3.1
Timeline
- 👾
Exploit known to exist
First article discovered by Blockchain News
Vulnerability published
Vulnerability Reserved