Object Corruption Vulnerability in WebAssembly Prior to 124.0.6367.60
CVE-2024-3833

8.8HIGH

Key Information:

Vendor
Google
Status
Chrome
Vendor
CVE Published:
17 April 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

A recently discovered vulnerability in Google Chrome's V8 engine, designated as CVE-2024-3833, allows for remote code execution (RCE) through duplicate object properties in the renderer sandbox. This object corruption flaw poses significant security risks and can potentially be exploited by creating a scenario where an object has duplicate properties, leading to type confusion and ultimately permitting code execution. Google has addressed this vulnerability in the latest Chrome update, and users are strongly advised to update their browsers to the latest version. The exploitation of this vulnerability underscores the importance of rigorous security practices in browser development and the need for continuous monitoring and updating of software to mitigate emerging threats.

Affected Version(s)

Chrome 124.0.6367.60

News Articles

favicon imageBlockchain News

Chrome's Renderer Vulnerability Allows Remote Code Execution via Duplicate Object Properties

Zach Anderson Jun 27, 2024 08:37 A newly discovered bug in Chrome's V8 engine, CVE-2024-3833, allows...

7 months ago

References

https://chromereleases.googleblog.com/2024/04/stable-chan...
https://issues.chromium.org/issues/331383939
https://lists.fedoraproject.org/archives/list/package-ann...

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by Blockchain News

  • Vulnerability published

  • Vulnerability Reserved

.